Learningdigital Orca_hcm
11 CVEs affecting Learningdigital Orca_hcm. Latest disclosed: 2025-02-17. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-1387 | Critical | 9.8 | 2025-02-17 | Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. |
| CVE-2024-8584 | Critical | 9.8 | 2024-09-09 | Orca HCM from LEARNING DIGITAL has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit this functionality to create an… |
| CVE-2021-35965 | Critical | 9.8 | 2021-07-19 | The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text… |
| CVE-2021-35963 | Critical | 9.8 | 2021-07-19 | The specific parameter of the upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers… |
| CVE-2025-1389 | High | 8.8 | 2025-02-17 | Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify… |
| CVE-2025-1388 | High | 8.8 | 2025-02-17 | Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells |
| CVE-2021-35964 | High | 7.3 | 2021-07-19 | The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management f… |
| CVE-2024-8585 | Medium | 6.5 | 2024-09-09 | Orca HCM from LEARNING DIGITAL does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privi… |
| CVE-2021-35966 | Medium | 6.1 | 2021-07-19 | The specific function of the Orca HCM digital learning platform does not filter input parameters properly, causing the URL to be redirected to any websi… |
| CVE-2021-35967 | Medium | 5.3 | 2021-07-19 | The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thr… |
| CVE-2021-35968 | Medium | 4.3 | 2021-07-19 | The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system… |