CVE-2024-12305

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 9, 2024
CWE ID 639

Summary

CVE-2024-12305 is an object-level access control vulnerability affecting Unifiedtransform version 2.0 and possibly older releases. This issue enables unauthorized users, specifically malicious student users, to access the grades of other students through manipulation of the student_id parameter in the marks viewing endpoint. The root cause is insufficient access control checks in MarkController.php. At the time of this summary, a patch to remediate this vulnerability has not been released.
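The class of flaw described above, as an added example that is not Unifiedtransform's own code: a handler that trusts the request's student_id, beside one that ties the requested record to the authenticated session. All function names, role names and the sample marks are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for a marks table: student_id => course => mark.
const MARKS = [
    101 => ['Math' => 88, 'Physics' => 91],
    102 => ['Math' => 72, 'Physics' => 65],
];

// Hypothetical roles that may read any student's marks.
const STAFF_ROLES = ['admin', 'teacher'];

// Pattern from the summary: student_id is used as-is and $user is never consulted.
function viewMarksUnchecked(array $user, array $query): array
{
    $studentId = (int) ($query['student_id'] ?? 0);
    return MARKS[$studentId] ?? [];
}

// Object-level check: a student may read only the record tied to their own session.
function viewMarksChecked(array $user, array $query): array
{
    $studentId = filter_var($query['student_id'] ?? null, FILTER_VALIDATE_INT);
    if ($studentId === false) {
        throw new InvalidArgumentException('student_id must be an integer');
    }
    $isStaff = in_array($user['role'], STAFF_ROLES, true);
    if (!$isStaff && $user['id'] !== $studentId) {
        throw new RuntimeException('403: not authorized for this student record');
    }
    return MARKS[$studentId] ?? [];
}

// Constructed sessions: one student and one teacher.
$student = ['id' => 101, 'role' => 'student'];
$teacher = ['id' => 7, 'role' => 'teacher'];

foreach ([[$student, '101'], [$student, '102'], [$teacher, '102']] as [$user, $id]) {
    try {
        $marks = viewMarksChecked($user, ['student_id' => $id]);
        echo "{$user['role']} {$user['id']} -> student_id=$id: ", json_encode($marks), PHP_EOL;
    } catch (RuntimeException $e) {
        echo "{$user['role']} {$user['id']} -> student_id=$id: ", $e->getMessage(), PHP_EOL;
    }
}
```

The check belongs on the server for every request that names a student record; hiding the parameter in the UI does not change what the endpoint returns.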
