idattend CVE Vulnerabilities & Metrics

Focus on idattend vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About idattend Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with idattend. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total idattend CVEs: 30
Earliest CVE date: 25 Oct 2023, 18:17 UTC
Latest CVE date: 25 Oct 2023, 18:17 UTC

Latest CVE reference: CVE-2023-27377

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical idattend CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	30
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS idattend CVEs

These are the five CVEs with the highest CVSS scores for idattend, sorted by severity first and recency.

CVE-2023-27377 idattend Published on 25 Oct 2023, 18:17 UTC (CVSS: 0)
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27376 idattend Published on 25 Oct 2023, 18:17 UTC (CVSS: 0)
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27375 idattend Published on 25 Oct 2023, 18:17 UTC (CVSS: 0)
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27262 idattend Published on 25 Oct 2023, 18:17 UTC (CVSS: 0)
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-27261 idattend Published on 25 Oct 2023, 18:17 UTC (CVSS: 0)
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.

All CVEs for idattend

CVE-2023-27377 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

CVE-2023-27376 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

CVE-2023-27375 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

CVE-2023-27262 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-27261 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.

CVE-2023-27260 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-27259 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.

CVE-2023-27258 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.

CVE-2023-27257 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.

CVE-2023-27256 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.

CVE-2023-27255 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-27254 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-26584 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-26583 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-26582 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-26581 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-26580 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.

CVE-2023-26579 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.

CVE-2023-26578 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.

CVE-2023-26577 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.

CVE-2023-26576 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

CVE-2023-26575 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.

CVE-2023-26574 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

CVE-2023-26573 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.

CVE-2023-26572 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-26571 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.

CVE-2023-26570 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

CVE-2023-26569 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-26568 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE-2023-1356 idattend vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.