Unauthenticated SQL Injection in IDAttend's IDWeb Application 3.1.052 and Earlier: Unauthorized Data Extraction and Modification

Unauthenticated SQL Injection in IDAttend's IDWeb Application 3.1.052 and Earlier: Unauthorized Data Extraction and Modification

CVE-2023-27262 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.