112 matches found
CVE-2025-25618
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers...
Unifiedtransform 安全漏洞
Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0, which stems from improper access control and could lead to teachers signing in with each other...
CVE-2025-25618
CVE-2025-25618 affects Unifiedtransform 2.0. Root cause: improper access control that permits privilege escalation, enabling teachers to change section names and room numbers. Impact is limited to unauthorized modifications by users with teacher privileges; CVSS 3.1 metrics indicate Network acces...
CVE-2025-25621
CVE-2025-25621 (Unifiedtransform 2.0) is tied to an Incorrect Access Control flaw that lets a teacher take attendance for other teachers via the endpoint /courses/teacher/index?teacher_id=2&semester_id=1. Affected product is Unifiedtransform 2.x; root cause is improper access checks that allow pr...
CVE-2025-25614
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers...
CVE-2025-25616
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?examruleid=1...
CVE-2025-25615
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections...
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting XSS in the Create assignment function...
CVE-2025-25614
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers...
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting XSS in the Create assignment function...
CVE-2025-25614
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers...
CVE-2025-25616
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?examruleid=1...
CVE-2025-25616
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?examruleid=1...
CVE-2025-25615
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections...
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting XSS in the Create assignment function...
CVE-2025-25616
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?examruleid=1...
CVE-2025-25615
Unifiedtransform 2.0 is affected by an incorrect access control vulnerability that allows viewing attendance lists for all class sections. The issue is a confidentiality-related flaw in access control, enabling unauthorized exposure of attendance data without exploitation details provided in the ...
CVE-2025-25615
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections...
Unifiedtransform 访问控制错误漏洞
Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0, which stems from an access control error that could lead to viewing attendance lists for all classes...
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting XSS in the Create assignment function...