CVE-2023-26583

9.8 CRITICAL

📋 TL;DR

Unauthenticated SQL injection in the GetCurrentPeriod method of IDAttend's IDWeb application lets a remote attacker extract or modify all data in the IDWeb database. IDWeb 3.1.052 and earlier are affected; 3.1.053 fixes the issue. The attendance and personnel records the application stores are fully exposed, and no credentials are needed to reach the vulnerable method.

💻 Affected Systems

Products:
  • IDAttend IDWeb
Versions: 3.1.052 and earlier
Operating Systems: Windows (typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with vulnerable versions are affected regardless of configuration.

📦 What is this software?

IDWeb is the web component of IDAttend's attendance management product. It stores attendance records and personal details of the people it tracks in the IDWeb database, which is the data this vulnerability exposes.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the IDWeb database: extraction of all personnel and attendance data and modification of records. If the application's database account is over-privileged (for example, a sysadmin-level account on the database server), the same injection can be used to reach the underlying server, so further compromise beyond the database is possible but depends on deployment.

🟠

Likely Case

Data exfiltration of sensitive attendance records, personal information, and potential credential harvesting from database tables.

🟢

If Mitigated

Reduced exposure if the application is reachable only from trusted networks and a WAF in front of it blocks common SQL injection patterns against GetCurrentPeriod. Neither removes the flaw; only upgrading to 3.1.053 or later does.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ❌ No (none known at time of writing)
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated SQL injection in a named method is routinely weaponized from the advisory text alone, so the absence of a public PoC should not be read as low risk. Exploitation requires only HTTP access to the endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.053 or later

Vendor Advisory: https://www.themissinglink.com.au/security-advisories/cve-2023-26583

Restart Required: Yes

Instructions:

1. Download the latest version (3.1.053 or later) from the IDAttend vendor.
2. Back up the current installation and the IDWeb database.
3. Install the updated version.
4. Restart the IDWeb service.
5. Verify functionality and confirm the reported version is 3.1.053 or later.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules (all platforms)

Put a WAF in front of IDWeb and block SQL injection patterns in requests to the GetCurrentPeriod method. Match on the URL-decoded, case-folded request so that percent-encoding, mixed case and inline comments do not slip past the rule. Treat this as a stop-gap: signature-based WAF rules are bypassable and do not fix the injection.

Network Segmentation (all platforms)

Restrict access to the IDWeb application to authorized internal networks only (firewall or reverse-proxy allow-lists). Because the vulnerable method needs no authentication, any network that can reach the endpoint can exploit it.

🧯 If You Can't Patch

  • Run IDWeb's database connection under a least-privilege database account (read/write on the IDWeb schema only, no server-level roles) so a successful injection cannot escalate beyond the application's own data
  • Deploy a network-based intrusion prevention system or WAF with SQL injection detection rules, and alert on any hit against GetCurrentPeriod
  • Restrict which networks can reach the application at all, since the endpoint is unauthenticated
  • Note that parameterized queries would have to be implemented by the vendor; deployers cannot fix the application code themselves, so the above only limit blast radius until the upgrade is applied

🔍 How to Verify

Check if Vulnerable:

Check IDWeb version in application interface or configuration files. If version is 3.1.052 or earlier, system is vulnerable.

Check Version:

Check application interface or examine web.config/application configuration files for version information

Verify Fix Applied:

Verify the version is 3.1.053 or later. If you test GetCurrentPeriod with SQL injection payloads, do so only with authorization and against a non-production copy; a fixed version should return the same result, or the same error, for a parameter value with a stray quote as for a clean one, with no database error text and no change in response size.

📡 Detection & Monitoring

Log Indicators:

  • Unusual or malformed SQL in database query logs originating from the IDWeb application account
  • Requests to GetCurrentPeriod whose parameters contain SQL syntax (quotes, comment markers such as --, UNION/SELECT, WAITFOR), including from clients that never touched the login page, since the method needs no authentication
  • Database error messages or HTTP 500 responses from GetCurrentPeriod containing SQL syntax

Network Indicators:

  • HTTP requests to GetCurrentPeriod endpoint with SQL keywords (SELECT, UNION, etc.)
  • Unusual database connection patterns from web server

SIEM Query:

source="IDWeb" AND (url="*GetCurrentPeriod*" AND (request="*SELECT*" OR request="*UNION*" OR request="*OR 1=1*"))

Run the match on the URL-decoded request and case-insensitively; a literal keyword search misses percent-encoded (%55NION), double-encoded, mixed-case and /**/-obfuscated payloads.
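The SIEM pattern above is a literal keyword match, so it misses encoded and obfuscated payloads. The following is an added example (not code from the vendor or from this advisory) of the decode-then-match detection logic a practitioner would run over web server access logs in front of IDWeb. The request paths and the log lines are constructed for illustration; the real URL of the GetCurrentPeriod method and IDWeb's own log format are not documented here, so both are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format). These are
# illustrative, not real IDWeb traffic; the /IDWeb/Services/... paths are assumed.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2023:09:14:02 +1000] "GET /IDWeb/Services/GetCurrentPeriod?date=2023-03-10 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2023:09:14:07 +1000] "GET /IDWeb/Services/GetCurrentPeriod?date=2023-03-10'%20OR%201%3D1-- HTTP/1.1" 200 9120 "-" "python-requests/2.28"
203.0.113.9 - - [10/Mar/2023:09:14:09 +1000] "GET /IDWeb/Services/GetCurrentPeriod?date=1'%20uNiOn/**/SeLeCt%20name%2Cpassword%20FROM%20users-- HTTP/1.1" 500 0 "-" "python-requests/2.28"
198.51.100.2 - - [10/Mar/2023:09:15:00 +1000] "GET /IDWeb/Login.aspx HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2023:09:15:21 +1000] "GET /IDWeb/Services/GetCurrentPeriod?date=1%2527%253B%2520WAITFOR%2520DELAY%2520%25270%253A0%253A5%2527-- HTTP/1.1" 200 512 "-" "python-requests/2.28"
"""

# Combined log format: client ip, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures are evaluated against the decoded, lower-cased, comment-stripped URL,
# so percent-encoding, mixed case and /**/ obfuscation do not evade them.
SQLI_RULES = [
    ("union-select", re.compile(r"\bunion\b(?:\s+all)?\s+select\b")),
    ("boolean-tautology", re.compile(r"\bor\s+\S+\s*=\s*\S+")),
    ("time-based", re.compile(r"\bwaitfor\s+delay\b|\bsleep\s*\(|\bpg_sleep\s*\(")),
    ("stacked-query", re.compile(r";\s*(?:exec|execute|insert|update|delete|drop|xp_cmdshell)\b")),
    ("comment-terminator", re.compile(r"'\s*(?:--|#|/\*)")),
]


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def normalise(url):
    """Undo (double) URL-encoding, drop /**/ comments, collapse whitespace, lower-case."""
    decoded = url
    for _ in range(2):  # a second pass catches %2527-style double encoding
        decoded = unquote_plus(decoded)
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)
    return re.sub(r"\s+", " ", decoded).lower()


def is_target(url):
    """True if the request path (not the query string) hits GetCurrentPeriod."""
    path = url.split("?", 1)[0]
    return "getcurrentperiod" in path.lower()


def classify(url, status):
    """List the rule names that fire for one request; empty list means benign."""
    norm = normalise(url)
    rules = [name for name, rx in SQLI_RULES if rx.search(norm)]
    if int(status) >= 500:
        # A 5xx from the vulnerable method is itself an indicator (SQL error path).
        rules.append("server-error")
    return rules


def detect(log_text):
    """Return a finding for every GetCurrentPeriod request that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not is_target(rec["url"]):
            continue
        rules = classify(rec["url"], rec["status"])
        if rules:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "url": rec["url"],
                             "status": rec["status"], "rules": rules})
    return findings


def summarise(findings):
    """Count findings per source IP, the natural pivot for an alert."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']} {f['ip']} {f['status']} {','.join(f['rules'])} {f['url']}")
    print(summarise(found))
```

On the constructed sample the benign request and the unrelated login hit produce nothing, while the three probes from 203.0.113.9 are flagged as boolean, UNION (plus a 500 response) and time-based injection respectively, even though one is double-encoded and one uses /**/ in place of spaces. The comment-terminator rule is the noisiest of the set; tune or drop it if legitimate parameter values in your deployment contain apostrophes.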

🔗 References

  • Vendor advisory (The Missing Link): https://www.themissinglink.com.au/security-advisories/cve-2023-26583
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-26583