Unifiedtransform Incorrect Access Control Vulnerability Allowing Unauthorized Attendance Data Access

Vulnerability

A vulnerability in Unifiedtransform version 2.0 allows teachers to bypass access controls and view attendance records for all class sections. This issue arises from improper access management, as attendance data should only be accessible to administrators. The vulnerability could lead to privacy violations and misuse of attendance information.

Impact

Exploitation of this vulnerability allows teachers to access attendance data for any class section, a privilege that should be reserved for administrators. This unauthorized access can result in privacy breaches and potential misuse of sensitive attendance information.

Reproduction

To reproduce this vulnerability, log into the application as a teacher. Navigate to the attendance viewing endpoint and modify the class_id and section_id parameters to access different sections. Once the attendance for a selected class section is displayed, the vulnerability is successfully reproduced.
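The access-control gap described above, as an added example that is not Unifiedtransform's own code: a framework-neutral Python model of an attendance handler, with the flawed check beside a hardened, deny-by-default one. The role names, permission name, function names and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: (class_id, section_id) -> attendance rows.
ATTENDANCE = {
    (1, 1): [("student-a", "present"), ("student-b", "absent")],
    (2, 3): [("student-c", "present")],
}

# Deny-by-default permission table. Per the advisory, only administrators
# may view attendance; the role and permission names are assumptions.
ROLE_PERMISSIONS = {
    "admin": {"attendance.view"},
    "teacher": set(),
}


@dataclass(frozen=True)
class User:
    id: int
    role: str


def view_attendance_vulnerable(user, class_id, section_id):
    """Flawed pattern: any logged-in user passes, so the result depends
    only on the class_id/section_id values the client supplies."""
    if user is None:
        return 401, None
    return 200, ATTENDANCE.get((class_id, section_id), [])


denied_log = []  # denied attempts, kept so operators can review them


def view_attendance_hardened(user, class_id, section_id):
    """Authorize on the server before touching any data, independent of
    the request parameters; unknown roles get no permissions."""
    if user is None:
        return 401, None
    if "attendance.view" not in ROLE_PERMISSIONS.get(user.role, set()):
        denied_log.append((user.id, user.role, class_id, section_id))
        return 403, None
    return 200, ATTENDANCE.get((class_id, section_id), [])
```

The same assertions used to check the hardened handler work as a regression test: a teacher session requesting any class section must receive 403, whatever parameter values are sent.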

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.