Learningdigital Orca_hcm

11 CVEs affecting Learningdigital Orca_hcm. Latest disclosed: 2025-02-17. Critical: 4, High: 3.

Top CVEs affecting Learningdigital Orca_hcm
CVESeverityScorePublishedSummary
CVE-2025-1387Critical9.82025-02-17Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user.
CVE-2024-8584Critical9.82024-09-09Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an…
CVE-2021-35965Critical9.82021-07-19The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text…
CVE-2021-35963Critical9.82021-07-19The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers…
CVE-2025-1389High8.82025-02-17Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify…
CVE-2025-1388High8.82025-02-17Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells
CVE-2021-35964High7.32021-07-19The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management f…
CVE-2024-8585Medium6.52024-09-09Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privi…
CVE-2021-35966Medium6.12021-07-19The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any websi…
CVE-2021-35967Medium5.32021-07-19The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thr…
CVE-2021-35968Medium4.32021-07-19The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system…