PT-2026-6779 · Placipy · Placipy

Th3Gowtham

·

Publicado

2026-02-06

·

Atualizado

2026-02-15

·

CVE-2026-25753

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PlaciPy version 1.0.0
Description PlaciPy, a placement management system for educational institutions, uses a hard-coded, static default password for all newly created student accounts in version 1.0.0. This allows for mass account takeover, enabling an attacker to log in as any student with knowledge of the password.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-259

Identificadores relacionados

CVE-2026-25753
GHSA-6537-CF56-J9W2

Produtos afetados

Placipy