130 matches found
CVE-2024-12307
CVE-2024-12307 affects Unifiedtransform (2.0 and earlier). Root cause: function-level access control missing in the student editing workflow, enabling teachers to modify student personal data without proper authorization. Initial publication notes no patch was available. Connected sources also re...
CVE-2024-12307 Function-Level Access Control Vulnerability Allows Unauthorized Modification of Student Data in Unifiedtransform
A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...
Unifiedtransform 安全漏洞
Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0 and prior versions that stems from a functional-level access control vulnerability that allows teachers to modify personal...
PT-2024-17537 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform versions 2.0 and earlier Description: A function-level access control issue exists due to missing access control checks in the student editing functionality, allowing teachers to modify student personal data without proper...
CVE-2024-41250
An Incorrect Access Control vulnerability was found in /smsa/viewstudents.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details...
IR Q4 2023 trends: Significant increase in ransomware activity found in engagements, while education remains one of the most-targeted sectors
First time ransomware was the top threat in 2023, according to Q4 2023 Talos Incident Response report Ransomware, including pre-ransomware activity, was the top observed threat in the fourth quarter of 2023, accounting for 28 percent of engagements, according to Cisco Talos Incident Response Talo...
Educare < 1.4.7 - Missing Authorization to Sensitive Information Exposure
Description The Educare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the educaregetdatafromstudents function in versions up to, and including, 1.4.6. This makes it possible for authenticated attackers, with subscriber-level permissions and...
CVE-2023-27258
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers...
CVE-2023-27259
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers...
CVE-2023-27375
Missing authentication in the StudentPopupDetailsContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-27376
Missing authentication in the StudentPopupDetailsStudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-27377
Missing authentication in the StudentPopupDetailsEmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-27375
Missing authentication in the StudentPopupDetailsContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-26574
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers...
CVE-2023-26576
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers...
CVE-2023-26570
Missing authentication in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers...
CVE-2023-26571
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers...
CVE-2023-26570
Missing authentication in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers...
CVE-2023-26575
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers...
CVE-2023-26571
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers...