Unifiedtransform Access Control Vulnerability Allowing Attendance Manipulation
Vulnerability
A vulnerability in Unifiedtransform version 2.0 allows a teacher to access and modify the attendance records of other teachers. The issue arises from improper access control on the attendance management endpoint, which permits unauthorized attendance-tracking actions.
Impact
Exploitation of this vulnerability could lead to unauthorized changes to attendance records, allowing teachers to misrepresent their peers' attendance status. This undermines the integrity of attendance management within the application.
Reproduction
To reproduce this vulnerability, log into the application as a teacher. Navigate to the attendance management endpoint for teachers, specifically targeting the 'Take Attendance' feature. Once there, select a fellow teacher's attendance record and save the changes. This process can be repeated for any teacher by changing the 'teacher_id' parameter in the request.
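The missing server-side check, sketched as an added, framework-neutral example (not Unifiedtransform's own code): the 'teacher_id' sent with the request is compared against the identity held in the session, and the same rule is replayed over recorded attendance writes to find past violations. The role names, the rule that a teacher may act only on their own record while an admin may act on any, and the event fields are assumptions.

```python
from dataclasses import dataclass

# Assumed roles: the advisory only names "teacher"; "admin" is a hypothetical
# privileged role allowed to record attendance for any teacher.
ADMIN, TEACHER = "admin", "teacher"

@dataclass(frozen=True)
class Actor:
    user_id: int   # identity taken from the authenticated session
    role: str

def may_write_attendance(actor: Actor, teacher_id) -> bool:
    """Deny by default: the client-supplied teacher_id is never trusted alone."""
    try:
        target = int(teacher_id)      # the parameter arrives as a string
    except (TypeError, ValueError):
        return False                  # missing or malformed id
    if actor.role == ADMIN:
        return True
    # A teacher is bound to the session identity, not to the id in the request.
    return actor.role == TEACHER and target == actor.user_id

def audit(events):
    """Replay recorded attendance writes through the same rule; return violations."""
    return [e for e in events
            if not may_write_attendance(Actor(e["user_id"], e["role"]), e["teacher_id"])]

# Constructed sample records (not from the advisory): session user, role, and the
# teacher_id parameter sent with each 'Take Attendance' save.
SAMPLE_EVENTS = [
    {"user_id": 7, "role": "teacher", "teacher_id": "7"},
    {"user_id": 7, "role": "teacher", "teacher_id": "12"},
    {"user_id": 7, "role": "teacher", "teacher_id": "13"},
    {"user_id": 1, "role": "admin",   "teacher_id": "12"},
    {"user_id": 9, "role": "student", "teacher_id": "9"},
    {"user_id": 7, "role": "teacher", "teacher_id": None},
]

if __name__ == "__main__":
    for event in audit(SAMPLE_EVENTS):
        print("unauthorized attendance write:", event)
```

Running the rule over stored request or audit data after the fix is deployed shows which attendance records were written by someone other than their owner and need review.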
