CVE-2023-27262

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Oct 25, 2023

Updated: Oct 28, 2023

CWE ID 89

Summary

CVE-2023-27262 is a critical SQL injection vulnerability affecting IDAttend's IDWeb application version 3.1.052 and earlier. This unauthenticated issue resides in the GetAssignmentsDue method, allowing unauthorized attackers to extract or manipulate all data stored in the system. Successful exploitation of this vulnerability could result in significant data breaches, granting attackers unrestricted access to sensitive information. Organizations running IDWeb application versions prioritized to apply the necessary patches or updates without delay to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tIYaVW
https://www.cve.org/CVERecord?id=CVE-2023-27262
https://nvd.nist.gov/vuln/detail/CVE-2023-27262

Back to Vulnerability Database

CVE-2023-27262

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations