Armaan Sidana

7 exploits Active since Mar 2025
CVE-2025-25614 NOMISEC HIGH WRITEUP
Changeweb Unifiedtransform - Improper Access Control
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
CVSS 8.8
CVE-2025-25615 NOMISEC LOW WRITEUP
Changeweb Unifiedtransform - Improper Access Control
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.
CVSS 2.7
CVE-2025-25616 NOMISEC MEDIUM WRITEUP
Changeweb Unifiedtransform - Improper Access Control
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.
CVSS 4.3
CVE-2025-25617 NOMISEC MEDIUM WRITEUP
Unifiedtransform 2.X - Privilege Escalation
Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus.
CVSS 4.3
CVE-2025-25618 NOMISEC LOW WRITEUP
Changeweb Unifiedtransform - Improper Access Control
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.
CVSS 3.3
CVE-2025-25620 NOMISEC MEDIUM WRITEUP
Changeweb Unifiedtransform - XSS
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
CVSS 5.4
CVE-2025-25621 NOMISEC MEDIUM WRITEUP
Changeweb Unifiedtransform - Improper Access Control
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1.
CVSS 4.3