CVE-2023-26584 - OpenCVE

Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Idattend	Idweb

Configuration 1 [-]

cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.themissinglink.com.au/security-advisories/cve-2023-26584	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TML

Published: 2023-10-25T10:02:42.450Z

Updated: 2023-10-26T06:40:27.756Z

Reserved: 2023-02-26T06:25:18.750Z

Link: CVE-2023-26584

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-25T18:17:26.180

Modified: 2023-10-28T03:20:48.837

Link: CVE-2023-26584

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B", "versionEndIncluding": "3.1.052", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "}, {"lang": "es", "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetStudentInconsistencies en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."}], "id": "CVE-2023-26584", "lastModified": "2023-10-28T03:20:48.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "vdp@themissinglink.com.au", "type": "Secondary"}]}, "published": "2023-10-25T18:17:26.180", "references": [{"source": "vdp@themissinglink.com.au", "tags": ["Third Party Advisory"], "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26584"}], "sourceIdentifier": "vdp@themissinglink.com.au", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "vdp@themissinglink.com.au", "type": "Secondary"}]}