CVE-2024-12305

Object-Level Access Control Vulnerability Allows Unauthorized Access to Student Grades in Unifiedtransform

Description

An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the student_id parameter in the marks viewing endpoint. The vulnerability exists due to insufficient access control checks in MarkController.php. At the time of publication of the CVE no patch is available.

INFO

Published Date :

2024-12-09T08:49:53.971Z

Last Modified :

2024-12-09T15:30:21.269Z

Source :

NCSC.ch

AFFECTED PRODUCTS

The following products are affected by CVE-2024-12305 vulnerability.

Vendors	Products
Unifiedtransform	Unifiedtransform

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12305.

URL	Resource
https://huntr.com/bounties/90a7299e-9233-43fd-b666-7375c4fdbb3c

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact