Placipy
PlaciPy has an incorrect authorization flaw allowing privilege escalation — seventh and final critical vulnerability.
PlaciPy has an injection vulnerability allowing user input to be processed as commands — sixth critical flaw.
PlaciPy versions up to 1.0.0 are affected by insertion of sensitive information into a log file (CVSS 7.5).
PlaciPy 1.0.0 fails to implement CSRF protections while permitting credentialed cross-origin requests, allowing unauthenticated attackers to perform unauthorized actions on behalf of logged-in users through malicious websites. An attacker can exploit this vulnerability to modify placement records, access sensitive educational data, or compromise institutional operations without user knowledge. No patch is currently available.
PlaciPy has an incorrect authorization vulnerability — fifth of seven critical flaws.
PlaciPy has another missing authorization vulnerability — fourth of seven critical security flaws.
PlaciPy has a missing authorization vulnerability — third of seven critical security flaws.
PlaciPy placement system 1.0.0 has an improper authorization vulnerability enabling unauthenticated admin access — second of seven critical PlaciPy vulnerabilities.
PlaciPy is a placement management system designed for educational institutions. [CVSS 6.5 MEDIUM]
PlaciPy placement management system 1.0.0 uses a hard-coded password, allowing any attacker who discovers it to gain full system access.