CVE-2023-26572

Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.013 allows extraction or modification of all data by unauthenticated attackers.

Affected Versions

Discovered in: 3.1.013

Fixed Versions

Fixed in: 3.1.053