{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T07:54:46.857","vulnerabilities":[{"cve":{"id":"CVE-2024-12305","sourceIdentifier":"vulnerability@ncsc.ch","published":"2024-12-09T09:15:04.970","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the student_id parameter in the marks viewing endpoint. The vulnerability exists due to insufficient access control checks in MarkController.php. At the time of publication of the CVE no patch is available."},{"lang":"es","value":"Una vulnerabilidad de control de acceso a nivel de objeto en Unifiedtransform versión 2.0 y posiblemente versiones anteriores permite el acceso no autorizado a las calificaciones de los estudiantes. Un usuario estudiante malintencionado puede ver las calificaciones de otros estudiantes manipulando el parámetro student_id en el punto de acceso de visualización de calificaciones. La vulnerabilidad existe debido a controles de acceso insuficientes en MarkController.php. En el momento de la publicación de la CVE no hay ningún parche disponible."}],"metrics":{"cvssMetricV31":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://huntr.com/bounties/90a7299e-9233-43fd-b666-7375c4fdbb3c","source":"vulnerability@ncsc.ch"}]}}]}