9 matches found
CVE-2025-25614
CVE-2025-25614 affects Unifiedtransform version 2.0 and stems from an Incorrect Access Control flaw that enables privilege escalation, allowing teachers to update other teachers’ personal data. The advisory entries consistently describe this as a data-access control deficiency with high impact (C...
CVE-2024-53573
Unifiedtransform v2.X is vulnerable to Incorrect Access Control, enabling unauthorized users to access and manipulate administrative endpoints, specifically the teacher/edit/{id} path. The available data describes the root cause as improper access control, with impact described as high for confid...
CVE-2025-25618
CVE-2025-25618 affects Unifiedtransform 2.0. Root cause: improper access control that permits privilege escalation, enabling teachers to change section names and room numbers. Impact is limited to unauthorized modifications by users with teacher privileges; CVSS 3.1 metrics indicate Network acces...
CVE-2025-25615
Unifiedtransform 2.0 is affected by an incorrect access control vulnerability that allows viewing attendance lists for all class sections. The issue is a confidentiality-related flaw in access control, enabling unauthorized exposure of attendance data without exploitation details provided in the ...
CVE-2025-25616
CVE-2025-25616 : Unifiedtransform 2.0 is vulnerable to Incorrect Access Control that allows students to modify exam rules through the endpoint /exams/edit-rule?exam_rule_id=1 . Root cause: improper access control. Documented impact includes high confidentiality and integrity impact with an overal...
CVE-2025-46203
CVE-2025-46203 – Unifiedtransform (v2.0) : The issue stems from incorrect access control on the /students/edit/{id} endpoint, allowing remote users (students/teachers) to escalate privileges and modify other students’ records. Concrete details across connected sources confirm the vulnerable compo...
CVE-2025-46204
Unifiedtransform v2.0 contains a remote privilege-escalation flaw on the /course/edit/{id} endpoint. Multiple sources (NVD, Red Hat, OSV, CVE listings, and PacketStorm) describe unauthorized modification/access controls that allow an attacker to escalate privileges, with the core issue identified...
CVE-2025-25621
CVE-2025-25621 (Unifiedtransform 2.0) is tied to an Incorrect Access Control flaw that lets a teacher take attendance for other teachers via the endpoint /courses/teacher/index?teacher_id=2&semester_id=1. Affected product is Unifiedtransform 2.x; root cause is improper access checks that allow pr...
CVE-2025-25620
CVE-2025-25620 affects Unifiedtransform 2.0 with a Stored XSS vulnerability in the Create assignment function. The issue enables attacker-controlled scripts to run in other users’ sessions, with PoC details indicating a stored XSS path via assignment creation/uploaded content and impact described...