Primary

Context

Unifiedtransform Privilege Escalation Vulnerability Allowing Unauthorized Syllabus Creation

Vulnerability

A privilege escalation vulnerability has been identified in Unifiedtransform version 2.X, allowing teachers to create syllabus entries. This functionality is intended solely for administrators. The issue arises from incorrect access control, which enables teachers to bypass authorization and add syllabus data, potentially disrupting academic management.

Impact

Exploitation of this vulnerability allows teachers to gain unauthorized access to syllabus creation features, leading to the addition of incorrect or misleading syllabus information.

Reproduction

To reproduce this vulnerability, log into the application as a teacher. Navigate to the syllabus creation endpoint, fill in the required fields, and save the entry. The syllabus will be created despite the lack of proper authorization.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Unifiedtransform Privilege Escalation Vulnerability Allowing Unauthorized Syllabus Creation

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating