Vulnerability Information
Vulnerability Title
PlaciPy Admin Privilege Escalation via Trusted JWT Claims
Vulnerability Description
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the admin authorization middleware trusts client-controlled JWT claims (role and scope) without enforcing server-side role verification.
CVSS Information
N/A
Vulnerability Type
Incorrect Authorization
Vulnerability Title
PlaciPy Security Vulnerability
Vulnerability Description
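PlaciPy is a comprehensive open-source placement management system from Praskla Technology, designed to streamline the placement process for students, trainers, and administrators at educational institutions. PlaciPy version 1.0.0 contains a security vulnerability that stems from the admin authorization middleware trusting client-controlled JWT claims without performing server-side role verification, which may lead to privilege escalation.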
CVSS Information
N/A
Vulnerability Type
N/A