PT-2026-7156 · Placipy · Placipy
Th3Gowtham · Published 2026-02-09 · Updated 2026-02-09
CVE-2026-25810
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
PlaciPy version 1.0.0
Description
PlaciPy is a placement management system for educational institutions. In version 1.0.0, backend/src/routes/student.submission.routes.ts verifies authentication but does not enforce object-level authorization (ownership checks). This allows unauthorized access to student submissions. The affected route is student.submission.routes.ts.
Recommendations
Implement object-level authorization checks to ensure users can only access their own submissions.
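The recommended ownership check, sketched as an added example (not PlaciPy's code): an authentication-only handler next to handlers that load the record through one ownership-enforcing helper. The request shape, handler names and in-memory store are hypothetical, and the code assumes an auth middleware has already populated req.user.

```typescript
// Hypothetical types; not taken from the PlaciPy code base.
interface Submission { id: string; studentId: string; answer: string; }
interface AuthedRequest {
  user?: { id: string };            // assumed to be set by the auth middleware
  params: { submissionId: string };
  body?: { answer: string };
}
interface Result { status: number; body?: Submission; }

// Constructed sample data standing in for the database.
const submissions = new Map<string, Submission>([
  ["s1", { id: "s1", studentId: "alice", answer: "A" }],
  ["s2", { id: "s2", studentId: "bob", answer: "B" }],
]);

// Before: authentication only. Any logged-in user can read any submission by id.
function getSubmissionAuthOnly(req: AuthedRequest): Result {
  if (!req.user) return { status: 401 };
  const sub = submissions.get(req.params.submissionId);
  return sub ? { status: 200, body: sub } : { status: 404 };
}

// Single place where ownership is enforced; every route loads through it.
function loadOwned(req: AuthedRequest): Submission | undefined {
  const sub = submissions.get(req.params.submissionId);
  return sub && req.user && sub.studentId === req.user.id ? sub : undefined;
}

// After (read): "missing" and "not yours" both return 404, so ids cannot be probed.
function getSubmissionOwned(req: AuthedRequest): Result {
  if (!req.user) return { status: 401 };
  const sub = loadOwned(req);
  return sub ? { status: 200, body: sub } : { status: 404 };
}

// After (write): the same check guards modification, covering the integrity impact.
function updateSubmissionOwned(req: AuthedRequest): Result {
  if (!req.user) return { status: 401 };
  if (!req.body) return { status: 400 };
  const sub = loadOwned(req);
  if (!sub) return { status: 404 };
  sub.answer = req.body.answer;
  return { status: 200, body: sub };
}
```

The owner id comes from the authenticated session, never from a client-supplied field such as a studentId in the path or body.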
Exploit
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Placipy