Stefen4747

#40831 of 53,635
6.5 total CVSS
Vulnerabilities · 1
PT-2026-7154
6.5
2026-02-09
Placipy · Placipy · CVE-2026-25806
**Name of the Vulnerable Software and Affected Versions**

PlaciPy version 1.0.0

**Description**

PlaciPy is a placement management system for educational institutions. The GET `/api/students/:email`, PUT `/api/students/:email/status`, and DELETE `/api/students/:email` routes do not enforce authorization. The application does not verify if the authenticated user owns the student record, has an administrative role, or is permitted to modify or delete the student data. The vulnerable parameter is `email`.

**Recommendations**

Implement authorization checks for the GET `/api/students/:email`, PUT `/api/students/:email/status`, and DELETE `/api/students/:email` routes to ensure that only authorized users can access and modify student records.
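
One way to express the recommended checks for the three routes, as an added example that is not PlaciPy's own code. The role names (`admin`, `student`), the policy table, the Express-style middleware signature and the `req.user` object set by an earlier authentication step are all assumptions.

```javascript
// Added example, not PlaciPy code. Role names and the policy table are assumptions.
const POLICY = {
  GET: { admin: true, student: "own" }, // a student may read only their own record
  PUT: { admin: true },                 // PUT /api/students/:email/status
  DELETE: { admin: true },              // DELETE /api/students/:email
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Canonical form, so "A@X.edu " and "a@x.edu" refer to the same record.
function normalizeEmail(value) {
  return typeof value === "string" ? value.trim().toLowerCase() : "";
}

// Returns the HTTP status to answer with: 200 allow, 401 no identity, 403 denied.
function decide(user, method, targetEmail) {
  if (!user || !user.email || !user.role) return 401;
  const rules = own(POLICY, method) ? POLICY[method] : {};
  const rule = own(rules, user.role) ? rules[user.role] : undefined;
  if (rule === true) return 200;
  const target = normalizeEmail(targetEmail);
  if (rule === "own" && target !== "" && target === normalizeEmail(user.email)) return 200;
  return 403; // unknown method, unknown role, or someone else's record
}

// Express-style middleware (assumed signature), mounted ahead of each
// /api/students/:email handler. Assumes authentication already set req.user.
function requireStudentAccess(req, res, next) {
  const status = decide(req.user, req.method, req.params.email);
  if (status === 200) return next();
  return res.status(status).json({ error: status === 401 ? "unauthenticated" : "forbidden" });
}
```

The decision is deny-by-default: a method or role missing from the table yields 403, so adding a new route or role cannot silently open access.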