Medium severity4.3NVD Advisory· Published Dec 9, 2024· Updated Apr 15, 2026
CVE-2024-12306
CVE-2024-12306
Description
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.0
- Range: <=2.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.