PT-2025-23849 · Unknown · Unifiedtransform

Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0 Description: An issue in Unifiedtransform allows a remote attacker to escalate privileges via the "/course/edit/id" endpoint. Recommendations: For Unifiedtransform version 2.0, as a temporary workaround, consider...

PT-2025-23848 · Unknown · Unifiedtransform

Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0 Description: The issue allows a remote attacker to escalate privileges via the "/students/edit/id" endpoint. Recommendations: For Unifiedtransform version 2.0, as a temporary workaround, consider restricting acces...

CVE-2025-46203

An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/id endpoint...

Unifiedtransform 安全漏洞

Unifiedtransform is an open source school management software by Hasib Mahmud Individual Developer. A security vulnerability exists in Unifiedtransform version v2.0, which stems from the /students/edit/id endpoint vulnerability and could lead to remote elevation of privilege...

CVE-2025-46204

Unifiedtransform v2.0 contains a remote privilege-escalation flaw on the /course/edit/{id} endpoint. Multiple sources (NVD, Red Hat, OSV, CVE listings, and PacketStorm) describe unauthorized modification/access controls that allow an attacker to escalate privileges, with the core issue identified...

CVE-2025-46203

CVE-2025-46203 – Unifiedtransform (v2.0) : The issue stems from incorrect access control on the /students/edit/{id} endpoint, allowing remote users (students/teachers) to escalate privileges and modify other students’ records. Concrete details across connected sources confirm the vulnerable compo...

CVE-2025-46204

An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/id endpoint...

CVE-2025-46204

An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/id endpoint...

CVE-2024-27665

Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting XSS via file upload feature in Syllabus module...

CVE-2024-12306

Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level...

CVE-2024-12307

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...

CVE-2024-12305

An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the studentid parameter in the marks viewing endpoint. The...

CVE-2025-25618

Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers...

CVE-2025-25621

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacherid=2id=1...

CVE-2025-25621

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacherid=2&semesterid=1...

CVE-2025-25618

Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers...

Unifiedtransform 安全漏洞

Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0, which stems from improper access control and could lead to teachers signing in with each other...

CVE-2025-25618

Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers...

CVE-2025-25621

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacherid=2&semesterid=1...

CVE-2025-25621

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacherid=2&semesterid=1...