CVE-2024-12307 — MEDIUM (4.3)

Vulnerability Description

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-284

References

https://huntr.com/bounties/90a7299e-9233-43fd-b666-7375c4fdbb3c

FAQ

What is CVE-2024-12307?

CVE-2024-12307 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnera...

How severe is CVE-2024-12307?

CVE-2024-12307 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-12307?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.