CNNVD-202602-1269 Information

CNNVD ID

CNNVD-202602-1269

Related CVE

CVE-2026-25812

• CNNVD Published: 2026-02-09

Description (Chinese)

PlaciPy是Praskla Technology开源的一个综合性的就业管理系统，旨在为教育机构简化学生、培训人员和管理人员的就业流程。 PlaciPy 1.0.0版本存在跨站请求伪造漏洞，该漏洞源于启用凭据CORS请求但未实现任何CSRF保护机制，可能导致跨站请求伪造攻击。

Description (English)

PlaciPy is an integrated employment management system, which is an open source for Praskla Technology, and aims to simplify the employment process for students, trainers and managers in educational institutions. Version 1.0.0 of PlaciPy has a false gap in the cross-site request, which stems from the use of the CORES request but does not achieve any CSRF protection mechanism, which may lead to cross-site requests for false attacks.

Vulnerability Type

跨站请求伪造

Affected Vendor

Praskla Technology

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-99xx-fc63-wc39