
112 matches found

Positive Technologies
added 2025/03/05 12:0 a.m. · 5 views

PT-2025-9872 · Unknown · Unifiedtransform

Name of the Vulnerable Software and Affected Versions: Unifiedtransform versions 2.X Description: The issue allows teachers to take attendance of fellow teachers through the endpoint "/courses/teacher/index?teacher id=2&s...". This is due to incorrect access control. Recommendations: For...

CVSS 4.3 · AI score 6.4 · EPSS 0.00077
Exploits: 2 · References: 10

Positive Technologies
added 2025/03/05 12:0 a.m. · 3 views

PT-2025-9871 · Unknown · Unifiedtransform

Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0 Description: The issue is related to Cross-Site Scripting (XSS) in the Create assignment function, allowing attackers to execute malicious scripts in the context of other users. Recommendations: For Unifiedtransform...

CVSS 5.4 · AI score 5.2 · EPSS 0.00257
Exploits: 1 · References: 10

RedhatCVE
added 2025/02/28 12:21 a.m. · 8 views

CVE-2024-53573

Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/id...

CVSS 9.8 · AI score 6.9 · EPSS 0.00264
Exploits: 1 · References: 1

OSV
added 2025/02/26 10:15 p.m. · 4 views

CVE-2024-53573

Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/id...

CVSS 9.8 · AI score 5.8 · EPSS 0.00264
Exploits: 1 · References: 2

NVD
added 2025/02/26 10:15 p.m. · 8 views

CVE-2024-53573

Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/id...

CVSS 9.8 · EPSS 0.00264
Exploits: 1 · References: 2

Cvelist
added 2025/02/26 12:0 a.m. · 9 views

CVE-2024-53573

Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/id...

EPSS 0.00264
Exploits: 1 · References: 2

CNNVD
added 2025/02/26 12:0 a.m. · 1 views

Unifiedtransform Security Vulnerability

Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform v2.X. The vulnerability stems from improper access control, which allows unauthorized users to access and operate the management endpoints...

CVSS 9.8 · AI score 6.6 · EPSS 0.00264
Exploits: 1 · References: 4

Vulnrichment
added 2025/02/26 12:0 a.m. · 5 views

CVE-2024-53573

Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/id...

AI score 9.5 · EPSS 0.00264
Exploits: 1 · References: 2

CVE
added 2025/02/26 12:0 a.m. · 69 views

CVE-2024-53573

Unifiedtransform v2.X is vulnerable to Incorrect Access Control, enabling unauthorized users to access and manipulate administrative endpoints, specifically the teacher/edit/{id} path. The available data describes the root cause as improper access control, with impact described as high for confid...

CVSS 9.8 · AI score 6.6 · EPSS 0.00264
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/02/26 12:0 a.m. · 2 views

PT-2025-8750 · Unknown · Unifiedtransform

Name of the Vulnerable Software and Affected Versions: Unifiedtransform versions 2.X Description: The issue is related to Incorrect Access Control, allowing unauthorized users to access and manipulate endpoints intended for administrative use. Specifically, the endpoint "teacher/edit/id" is...

CVSS 9.8 · AI score 6.3 · EPSS 0.00264
Exploits: 1 · References: 8

NVD
added 2024/12/09 9:15 a.m. · 7 views

CVE-2024-12307

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...

CVSS 4.3 · EPSS 0.00134
Exploits: 0 · References: 1

NVD
added 2024/12/09 9:15 a.m. · 8 views

CVE-2024-12306

Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level...

CVSS 4.3 · EPSS 0.00169
Exploits: 0 · References: 1

Vulnrichment
added 2024/12/09 8:50 a.m. · 16 views

CVE-2024-12307 Function-Level Access Control Vulnerability Allows Unauthorized Modification of Student Data in Unifiedtransform

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...

CVSS 4.3 · AI score 6.8 · EPSS 0.00134
Exploits: 0 · References: 1

Cvelist
added 2024/12/09 8:50 a.m. · 12 views

CVE-2024-12307 Function-Level Access Control Vulnerability Allows Unauthorized Modification of Student Data in Unifiedtransform

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...

CVSS 4.3 · EPSS 0.00134
Exploits: 0 · References: 1

CVE
added 2024/12/09 8:50 a.m. · 56 views

CVE-2024-12307

CVE-2024-12307 affects Unifiedtransform (2.0 and earlier). Root cause: function-level access control missing in the student editing workflow, enabling teachers to modify student personal data without proper authorization. Initial publication notes no patch was available. Connected sources also re...

CVSS 4.3 · AI score 4.6 · EPSS 0.00134
Exploits: 0 · References: 1

Vulnrichment
added 2024/12/09 8:50 a.m. · 5 views

CVE-2024-12306 Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform

Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level...

CVSS 4.3 · AI score 7 · EPSS 0.00169
Exploits: 0 · References: 1

Cvelist
added 2024/12/09 8:50 a.m. · 12 views

CVE-2024-12306 Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform

Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level...

CVSS 4.3 · EPSS 0.00169
Exploits: 0 · References: 1

CVE
added 2024/12/09 8:50 a.m. · 52 views

CVE-2024-12306

CVE-2024-12306 concerns multiple access control vulnerabilities in Unifiedtransform, affecting version 2.0 and earlier. The issues include function-level access controls in list endpoints and object-level access controls in profile endpoints, enabling a malicious student to view personal informat...

CVSS 4.3 · AI score 5 · EPSS 0.00169
Exploits: 0 · References: 1

Vulnrichment
added 2024/12/09 8:49 a.m. · 15 views

CVE-2024-12305 Object-Level Access Control Vulnerability Allows Unauthorized Access to Student Grades in Unifiedtransform

An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the studentid parameter in the marks viewing endpoint. The...

CVSS 4.3 · AI score 6.8 · EPSS 0.00169
Exploits: 0 · References: 1

CVE
added 2024/12/09 8:49 a.m. · 52 views

CVE-2024-12305

Unifiedtransform v2.0 (and potentially earlier) contains an object‑level access control flaw in MarkController.php that lets a student access other students’ grades by altering the student_id parameter in the marks viewing endpoint. The CVE description explicitly notes insufficient access checks ...

CVSS 4.3 · AI score 4.7 · EPSS 0.00169
Exploits: 0 · References: 1