17 matches found
CVE-2026-25753
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
CVE-2026-25753
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
CVE-2026-25753
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
EUVD-2026-5623
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
CVE-2026-25753
PlaciPy (educational placement system) v1.0.0 has a hard-coded, static default password for all newly created student accounts, enabling mass account takeover. The vulnerability, described across multiple sources (NVD, Red Hat, CVE lists, OSV, ENISA, Attackerkb), states that any attacker who know...
CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
PlaciPy 安全漏洞
PlaciPy is an open-source employment management system developed by Praskla Technology. It aims to simplify the employment processes for students, trainers, and administrators in educational institutions. Version 1.0.0 of PlaciPy contains a security vulnerability. This vulnerability stems from th...
PT-2026-6779
Name of the Vulnerable Software and Affected Versions PlaciPy version 1.0.0 Description PlaciPy, a placement management system for educational institutions, uses a hard-coded, static default password for all newly created student accounts in version 1.0.0. This allows for mass account takeover,...
CVE-2025-65669
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction...
EUVD-2025-199746
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction...
PT-2025-48177
Name of the Vulnerable Software and Affected Versions classroomio version 0.1.13 Description Student accounts can delete courses from the Explore page without proper authorization or authentication. This bypasses the restriction that course deletion should only be possible for administrators. The...
CVE-2025-65669
Summary: CVE-2025-65669 affects classroomio 0.1.13, where student accounts can delete courses from the Explore page without authorization, bypassing admin-only checks. Root cause (as described): missing authorization checks in the delete path. Impact: potential unauthorized course deletion with h...
CVE-2023-1480
A vulnerability classified as critical was found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument un leads to sql injection...
CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...
Privilege Escalation
Moodle is vulnerable to privilege escalations. On big installations, when the sync script was run it would improperly assign a manager role to suspended student accounts, granting these accounts the same access rights as a manager role...