ReportizFlow
Filtered by vendor Unifiedtransform
Subscriptions
Filtered by product Unifiedtransform
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12305 | 1 Unifiedtransform | 1 Unifiedtransform | 2024-12-09 | 4.3 Medium |
| An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the student_id parameter in the marks viewing endpoint. The vulnerability exists due to insufficient access control checks in MarkController.php. At the time of publication of the CVE no patch is available. | ||||
| CVE-2024-12307 | 1 Unifiedtransform | 1 Unifiedtransform | 2024-12-09 | 4.3 Medium |
| A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available. | ||||
| CVE-2024-12306 | 1 Unifiedtransform | 1 Unifiedtransform | 2024-12-09 | 4.3 Medium |
| Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available. | ||||
Page 1 of 1.