What the vulnerability does
01Description
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-26569
CRITICAL
CVE-2023-26569: Unauthenticated SQL Injection In IDAttend’s IDWeb Application
CVSS base score
9.8/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
October 25, 2023
CVE published
September 10, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-40755
CVE-2024-12488 code-projects Online Class and Exam Scheduling System subject_update.php sql injection
CVE-2025-62367 Taiga Blind SQL Injection Time Based
CVE-2024-0469 code-projects Human Resource Integrated System update_personal_info.php sql injection
CVE-2026-6674 Plugin: CMS für Motorrad Werkstätten <= 1.0.0 - Authenticated (Subscriber+) SQL Injection via 'arttype' Parameter
