Medium severity4.3NVD Advisory· Published Dec 9, 2024· Updated Apr 15, 2026
CVE-2024-12305
CVE-2024-12305
Description
An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the student_id parameter in the marks viewing endpoint. The vulnerability exists due to insufficient access control checks in MarkController.php. At the time of publication of the CVE no patch is available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=2.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.