Melodi Dey

**Name of the Vulnerable Software and Affected Versions** IDWeb application versions 3.1.052 and earlier **Description** The issue is related to missing authentication in the `StudentPopupDetails Timetable` method, allowing unauthenticated attackers to extract sensitive student data. **Recommendations** For versions 3.1.052 and earlier, consider disabling the `StudentPopupDetails Timetable` method until a patch is available to prevent the extraction of sensitive student data.

**Name of the Vulnerable Software and Affected Versions** IDWeb application versions 3.1.052 and earlier **Description** The issue concerns missing authentication in the `SetStudentNotes` method, allowing unauthenticated attackers to modify student data. **Recommendations** For IDWeb application versions 3.1.052 and earlier, update to a version that includes proper authentication for the `SetStudentNotes` method to prevent unauthorized modification of student data. As a temporary workaround, consider restricting access to the `SetStudentNotes` method until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IDWeb application versions 3.1.052 and earlier **Description** The issue is related to missing authentication in the `SearchStudents` method, allowing unauthenticated attackers to extract sensitive student data. **Recommendations** For versions 3.1.052 and earlier, consider disabling the `SearchStudents` method until a patch is available to prevent exploitation. Restrict access to sensitive student data to minimize the risk of unauthorized extraction.

**Name of the Vulnerable Software and Affected Versions** IDWeb application versions 3.1.052 and earlier **Description** The issue concerns missing authentication in the `SearchStudentsStaff` method, allowing unauthenticated attackers to extract sensitive student and teacher data. **Recommendations** For versions 3.1.052 and earlier, consider disabling the `SearchStudentsStaff` method until a patch is available to prevent exploitation. Restrict access to sensitive student and teacher data to minimize the risk of unauthorized extraction. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IDWeb application versions 3.1.052 and earlier **Description** The issue is related to missing authentication in the `SearchStudentsRFID` method, allowing unauthenticated attackers to extract sensitive student data. **Recommendations** For versions 3.1.052 and earlier, consider disabling the `SearchStudentsRFID` method until a patch is available to prevent exploitation. As a temporary workaround, restrict access to sensitive student data to minimize the risk of unauthorized extraction.

**Name of the Vulnerable Software and Affected Versions** IDWeb application versions 3.1.052 and earlier **Description** The issue concerns missing authentication in the `GetStudentGroupStudents` method, allowing unauthenticated attackers to retrieve student and teacher data. **Recommendations** For IDWeb application versions 3.1.052 and earlier, consider disabling the `GetStudentGroupStudents` method until a patch is available to prevent unauthorized data retrieval. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IDWeb application versions 3.1.052 and earlier **Description** The issue concerns missing authentication in the `GetAssignmentsDue` method, allowing unauthenticated attackers to extract sensitive student and teacher data. **Recommendations** For versions 3.1.052 and earlier, consider disabling the `GetAssignmentsDue` method until a patch is available to prevent unauthorized data extraction. Restrict access to sensitive student and teacher data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IDWeb application versions 3.1.052 and earlier **Description** The issue concerns missing authentication in the `StudentPopupDetails ContactDetails` method, allowing unauthenticated attackers to extract sensitive student data. **Recommendations** For versions 3.1.052 and earlier, consider disabling the `StudentPopupDetails ContactDetails` method until a patch is available to prevent the extraction of sensitive student data.

**Name of the Vulnerable Software and Affected Versions** IDWeb application versions 3.1.052 and earlier **Description** The issue concerns missing authentication in the `StudentPopupDetails StudentDetails` method, allowing unauthenticated attackers to extract sensitive student data. **Recommendations** For versions 3.1.052 and earlier, consider disabling the `StudentPopupDetails StudentDetails` method until a patch is available to prevent the extraction of sensitive student data.

**Name of the Vulnerable Software and Affected Versions** IDWeb application versions 3.1.052 and earlier **Description** The issue is related to missing authentication in the `StudentPopupDetails EmergencyContactDetails` method, allowing unauthenticated attackers to extract sensitive student data. **Recommendations** For versions 3.1.052 and earlier, consider disabling the `StudentPopupDetails EmergencyContactDetails` method until a patch is available to prevent exploitation.