CVE-2023-27258 Information

Description

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.

Reference

https://www.themissinglink.com.au/security-advisories/cve-2023-27258