CVE-2023-27257

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.

References

https://www.themissinglink.com.au/security-advisories/cve-2023-27257