Suspected 0-day
# CVE-2025-25621
Unifiedtransform v2.X is vulnerable to Incorrect Access Control, allowing teachers to take attendance of fellow teachers through the endpoint `/courses/teacher/index?teacher_id=2&semester_id=1`.
Vendor: [Unifiedtransform](https://github.com/changeweb/Unifiedtransform)
---
## PoC
**Step 1:** Log in to the application as a Teacher.
**Step 2:** Navigate to the endpoint `/courses/teacher/index?teacher_id=2&semester_id=1` (Change the Teacher ID).
**Step 3:** Click on "Take Attendance" and then click on "Save."
**Impact:** Teachers can manipulate attendance records for other teachers, which should only be possible for admins, leading to privilege escalation and potential misuse.
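
For defenders, one way to look for this pattern in request logs is shown below. It is an added example, not code from the Unifiedtransform project or the original advisory. The log layout, the `uid`/`role` fields, and the premise that a teacher's `teacher_id` equals their session user ID are all assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/courses/teacher/index"  # path named in the advisory
# Assumed audit-log layout (not Unifiedtransform's own format):
# <timestamp> uid=<session user id> role=<role> <method> <request-uri> <status>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) uid=(?P<uid>\d+) role=(?P<role>\w+) "
    r"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<status>\d{3})$"
)

# Constructed sample lines for illustration only.
SAMPLE_LOG = """\
2025-02-10T09:14:02Z uid=7 role=teacher GET /courses/teacher/index?teacher_id=7&semester_id=1 200
2025-02-10T09:14:40Z uid=7 role=teacher GET /courses/teacher/index?teacher_id=2&semester_id=1 200
2025-02-10T09:15:11Z uid=1 role=admin GET /courses/teacher/index?teacher_id=2&semester_id=1 200
2025-02-10T09:16:03Z uid=7 role=teacher GET /courses/teacher/index?teacher_id=7&teacher_id=3&semester_id=1 200
2025-02-10T09:17:45Z uid=7 role=teacher GET /courses/teacher/index?teacher_id=4&semester_id=1 403
2025-02-10T09:18:00Z uid=9 role=teacher GET /home 200
"""


def cross_teacher_requests(log_text):
    """Return (timestamp, session uid, foreign teacher_ids, status) for each
    request where a non-admin asked for a teacher_id other than their own."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["role"] == "admin":
            continue  # unparsable line, or a role allowed to view any teacher
        parts = urlsplit(m["uri"])
        if parts.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs keeps every occurrence, so a duplicated teacher_id
        # parameter cannot hide a foreign ID behind the caller's own.
        requested = parse_qs(parts.query).get("teacher_id", [])
        foreign = [v for v in requested if v != m["uid"]]
        if foreign:
            findings.append((m["ts"], int(m["uid"]), foreign, int(m["status"])))
    return findings


if __name__ == "__main__":
    for ts, uid, ids, status in cross_teacher_requests(SAMPLE_LOG):
        outcome = "served" if status < 400 else "denied"
        print(f"{ts} uid={uid} requested teacher_id={','.join(ids)} ({outcome})")
```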
---
**Vulnerability Type:** Incorrect Access Control
**Attack Type:** Remote
**Impact:** Privilege Escalation
**Attack Vectors:** Broken access control, allowing teachers to take attendance for other teachers.
**Discoverer:** Armaan Sidana
**References:**
- [Unifiedtransform Official Site](http://unifiedtransform.com)
- [Unifiedtransform GitHub Repository](https://github.com/changeweb/Unifiedtransform)