关联漏洞
标题:
N/A
(CVE-2025-25616)
描述:Unifiedtransform 2.0 存在不正确的访问控制漏洞,允许学生修改考试规则。受影响的访问路径为 /exams/edit-rule?exam_rule_id=1。
介绍
# CVE-2025-25616
Unifiedtransform v2.X is vulnerable to Incorrect Access Control, allowing students to modify exam rules. The affected endpoint is `/exams/edit-rule?exam_rule_id=1`.
Vendor: [Unifiedtransform](https://github.com/changeweb/Unifiedtransform)
---
## PoC
**Step 1:** Log in to the application as a Student.
**Step 2:** Browse to the following endpoint:
/exams/edit-rule?exam_rule_id=1
(Modify the `exam_rule_id` parameter to target different exam rules.)
**Step 3:** Change the exam rules and click on save.
**Impact:** This allows unauthorized modification of exam rules, which should only be accessible by administrators. Students could manipulate exam parameters, like setting minimum passing marks, leading to severe business logic flaws and compromising the integrity of the exam system.
---
**Vulnerability Type:** Incorrect Access Control
**Attack Type:** Remote
**Impact:** Escalation of Privileges
**Attack Vectors:** Broken Access Control allows students to modify exam rules.
**Discoverer:** Armaan Sidana
**References:**
- [Unifiedtransform Official Site](http://unifiedtransform.com)
- [Unifiedtransform GitHub Repository](https://github.com/changeweb/Unifiedtransform)
文件快照
[4.0K] /data/pocs/43cc87398cd4d45a88d0e83e3e1ca87a195b5791
└── [1.2K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。