CVE-2023-26580

Summary

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.

Affected Software

VendorProductVersion RangeStatus
IDAttend Pty LtdIDWeb0 <= 3.1.052affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function
  • CWE-552: CWE-552 Files or Directories Accessible to External Parties

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References