Highth3Gowhampublished

**Name of the Vulnerable Software and Affected Versions** PlaciPy version 1.0.0 **Description** PlaciPy is a placement management system for educational institutions. Version 1.0.0 does not enforce object-level authorization, specifically ownership checks, despite verifying authentication in the `/backend/src/routes/results.routes.ts` route. This allows unauthorized access to data, such as retrieving all results for an assessment. The vulnerable route is `/backend/src/routes/results.routes.ts`. **Recommendations** Implement object-level authorization checks to ensure users can only access data they are authorized to view.