CNNVD-202602-1267 Information

CNNVD ID

CNNVD-202602-1267

Related CVE

CVE-2026-25814

• CNNVD Published: 2026-02-09

Description (Chinese)

PlaciPy是Praskla Technology开源的一个综合性的就业管理系统，旨在为教育机构简化学生、培训人员和管理人员的就业流程。 PlaciPy 1.0.0版本存在注入漏洞，该漏洞源于用户控制的查询参数未经验证或清理直接传递到DynamoDB查询/过滤器构造中，可能导致注入攻击。

Description (English)

PlaciPy is an integrated employment management system, which is an open source for Praskla Technology, and aims to simplify the employment process for students, trainers and managers in educational institutions. Version 1.0.0 of PlaciPy has an injection loophole, which stems from the unverified or clean-up of user-controlled query parameters that are transmitted directly to the DynamoDB query/filter structure, which may lead to an injection attack.

Vulnerability Type

注入

Affected Vendor

Praskla Technology

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-gmg6-mv7g-xjfv