Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform
Vulnerability Description
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Unifiedtransform 安全漏洞
Vulnerability Description
Unifiedtransform是Sourceforge开源的一款开源的学校管理软件。可对学校运营进行全面高效的管理。 Unifiedtransform 2.0版本及之前版本存在安全漏洞,该漏洞源于多个访问控制漏洞允许未经授权访问学生和教师的个人信息。
CVSS Information
N/A
Vulnerability Type
N/A