CVE-2026-25753

Critical CVSS: 9.3

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

Vendor

Prasklatechnology

Product

Placipy

CWE

CWE-259

Yayın Tarihi

2026-02-06 19:16:10

Güncelleme

2026-02-11 19:03:15

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-259 Placipy CRITICAL Prasklatechnology 2026

Referanslar

https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-6537-cf56-j9w2

Benzer Kayıtlar

Critical

CVE-2026-25814

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query…

Critical

CVE-2026-25875

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorizatio…

Medium

CVE-2026-25811

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derive…

Critical

CVE-2026-25812

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enable…

High

CVE-2026-25813

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs h…

Medium

CVE-2026-25810

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes…