漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform
Vulnerability Description
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Unifiedtransform 安全漏洞
Vulnerability Description
Unifiedtransform是Sourceforge开源的一款开源的学校管理软件。可对学校运营进行全面高效的管理。 Unifiedtransform 2.0版本及之前版本存在安全漏洞,该漏洞源于多个访问控制漏洞允许未经授权访问学生和教师的个人信息。
CVSS Information
N/A
Vulnerability Type
N/A