Unifiedtransform Privilege Escalation Vulnerability Allowing Unauthorized Data Modifications
Vulnerability
A vulnerability in Unifiedtransform version 2.0 allows for privilege escalation through incorrect access control. This issue enables teachers to alter the personal information of their colleagues, potentially leading to significant data integrity problems.
Impact
Exploitation of this vulnerability could result in unauthorized changes to personal data, creating data integrity issues and allowing for improper privilege escalation.
Reproduction
To reproduce this vulnerability, log into the application as a teacher. Navigate to the endpoint for editing teacher details, such as '/teachers/edit/3'. After accessing the edit page, modify the desired information and save the changes. This process will unauthorizedly update another teacher's data, a task reserved for administrators.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.