7042 matches found

Prion
added 2021/07/23 2:15 p.m., 10 views

Sql injection

SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information...

CVSS: 5 | AI score: 8 | EPSS: 0.01535
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2021/07/23 1:31 p.m., 70 views

CVE-2021-25201

CVE-2021-25201 corresponds to an SQL injection vulnerability in Learning Management System v1.0 where the id parameter is exploited to execute arbitrary SQL and potentially expose sensitive database information. Multiple connected sources corroborate the issue and its impact; no details on affect...

CVSS: 7.5 | AI score: 8 | EPSS: 0.01535
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/07/23 1:31 p.m., 19 views

CVE-2021-25201

SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information...

AI score: 8.2 | EPSS: 0.01535
Exploits: 1 | References: 1

CNNVD
added 2021/07/23 12:0 a.m., 1 view

Forma Learning Management System SQL injection vulnerability

Forma Learning Management System (LMS) is a learning management system. A security vulnerability exists in Learning Management System v 1.0, which can be exploited by remote attackers to execute arbitrary SQL statements via the id parameter and obtain sensitive database information...

CVSS: 7.5 | AI score: 8 | EPSS: 0.01535
Exploits: 1 | References: 2

OSV
added 2021/07/19 12:15 p.m., 2 views

CVE-2021-35966

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which allows the URL to be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks...

CVSS: 6.1 | AI score: 6.5
Exploits: 0 | References: 2

OSV
added 2021/07/19 12:15 p.m., 1 view

CVE-2021-35968

The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory through Path Traversal with users’ privileges...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01035
Exploits: 0 | References: 2

NVD
added 2021/07/19 12:15 p.m., 11 views

CVE-2021-35966

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which allows the URL to be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks...

CVSS: 6.1 | EPSS: 0.00821
Exploits: 0 | References: 2

NVD
added 2021/07/19 12:15 p.m., 9 views

CVE-2021-35967

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory through Path Traversal without logging in...

CVSS: 5.3 | EPSS: 0.01318
Exploits: 0 | References: 2

NVD
added 2021/07/19 12:15 p.m., 22 views

CVE-2021-35964

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, and modify and delete the courses in the system, thus causing users to fail to access the...

CVSS: 9.8 | EPSS: 0.01085
Exploits: 0 | References: 2

NVD
added 2021/07/19 12:15 p.m., 14 views

CVE-2021-35968

The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory through Path Traversal with users’ privileges...

CVSS: 4.3 | EPSS: 0.01035
Exploits: 0 | References: 2

Prion
added 2021/07/19 12:15 p.m., 14 views

Design/Logic Flaw

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which allows the URL to be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks...

CVSS: 5.8 | AI score: 6.5 | EPSS: 0.00821
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2021/07/19 12:15 p.m., 13 views

Path traversal

The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory through Path Traversal with users’ privileges...

CVSS: 4 | AI score: 4.8 | EPSS: 0.01035
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/07/19 11:55 a.m., 36 views

CVE-2021-35968

The CVE-2021-35968 entry concerns LearningDigital’s Orca HCM digital learning platform. Affected component: the directory listing page parameter. Root cause: improper filtering of special characters enables Path Traversal. Impact: remote attackers could access system directories under the user’s ...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.01035
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/07/19 11:55 a.m., 30 views

CVE-2021-35967

The CVE-2021-35967 entry describes a Path Traversal vulnerability in the Orca HCM digital learning platform. The issue arises because the directory page parameter does not filter special characters, allowing remote attackers to access the system directory without authentication. The vulnerability...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.01318
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/07/19 11:55 a.m., 38 views

CVE-2021-35966

CVE-2021-35966 affects LearningDigital’s Orca HCM digital learning platform. The issue is an input validation/filtration flaw that allows an open redirect to an arbitrary URL, enabling phishing attempts. The connected documents describe a URL redirection vulnerability with this platform but do no...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00821
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/07/19 11:55 a.m., 44 views

CVE-2021-35965

CVE-2021-35965 affects the Orca HCM digital learning platform. The vulnerability arises from a hard-coded, weak factory-default administrator password embedded in the webpage source, enabling remote attackers to gain administrator privileges without authentication. NVD specifies CVSSv3.1 base sco...

CVSS: 10 | AI score: 9.6 | EPSS: 0.02378
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/07/19 11:55 a.m., 42 views

CVE-2021-35964

CVE-2021-35964 affects the Orca HCM digital learning platform. The admin/management page does not perform identity verification, enabling remote attackers to perform management functions without logging in. This can lead to access to members’ information and the ability to modify or delete course...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.01085
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/07/19 11:55 a.m., 16 views

CVE-2021-35964 Learningdigital.com, Inc. Orca HCM - Broken Authentication

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, and modify and delete the courses in the system, thus causing users to fail to access the...

CVSS: 7.3 | AI score: 9.8 | EPSS: 0.01085
Exploits: 0 | References: 2

CVE
added 2021/07/19 11:55 a.m., 41 views

CVE-2021-35963

The CVE-2021-35963 entry concerns Orca HCM from LearningDigital.com. A parameter in the platform’s upload function does not filter file formats, enabling remote unauthenticated attackers to upload files containing malicious scripts and achieve RCE. This is supported by multiple sources (NVD entry...

CVSS: 10 | AI score: 9.8 | EPSS: 0.0241
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2021/07/19 12:0 a.m., 3 views

LearningDigital Orca HCM digital learning platform authorization issue vulnerability

LearningDigital Orca HCM digital learning platform is a digital learning platform from China's LearningDigital. The Orca HCM digital learning platform suffers from an authorization issue vulnerability, which stems from the lack of authentication on the administration page, which allows remote...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.01085
Exploits: 0 | References: 3