CVE-2023-26581
Published 2023-10-25
Priority P260 · critical · 9.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.56% (42.1th percentile)
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idattend | idweb | <= 3.1.052 | — |
| idattend_pty_ltd | idweb | <= 3.1.052 | — |
CVSS provenance
nvd · v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
osv · 7.8 HIGH
OSV
linux-azure-6.5 vulnerabilities
osv·2024-04-24·CVSS 7.8
CVE-2023-52600 linux-azure-6.5 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- BPF subsystem;
- Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)
OSV
linux-azure, linux-lowlatency, linux-nvidia vulnerabilities
osv·2024-04-23·CVSS 6.8
CVE-2023-24023 linux-azure, linux-lowlatency, linux-nvidia vulnerabilities
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- Netfilter;
(CVE-2024-26581, CVE-2023-52600, CVE-2023-52603)
OSV
linux-lowlatency-hwe-6.5 vulnerabilities
osv·2024-04-22·CVSS 7.8
CVE-2023-52600 linux-lowlatency-hwe-6.5 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- BPF subsystem;
- Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)
OSV
linux, linux-aws, linux-aws-6.5, linux-azure, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-nvidia-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-starfive, linux-starfive-6.5 vulnerabilities
osv·2024-04-19·CVSS 7.8
CVE-2023-52600 linux, linux-aws, linux-aws-6.5, linux-azure, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-nvidia-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-starfive, linux-starfive-6.5 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- BPF subsystem;
- Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)
GHSA
GHSA-qp4h-xpf2-fc6c: Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3
ghsa_unreviewed·2023-10-25
CVE-2023-26581 [CRITICAL] CWE-89 GHSA-qp4h-xpf2-fc6c: Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.