EUVD-2021-22597

Malware in sbrugna...

CVE-2021-35966

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks...

CVE-2021-35967

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in...

CVE-2021-35964

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the...

CVE-2021-35968

The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges...

CVE-2021-35968

The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges...

Design/Logic Flaw

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks...

Path traversal

The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges...

CVE-2021-35968

The CVE-2021-35968 entry concerns LearningDigital’s Orca HCM digital learning platform. Affected component: the directory listing page parameter. Root cause: improper filtering of special characters enables Path Traversal. Impact: remote attackers could access system directories under the user’s ...

CVE-2021-35967

The CVE-2021-35967 entry describes a Path Traversal vulnerability in the Orca HCM digital learning platform. The issue arises because the directory page parameter does not filter special characters, allowing remote attackers to access the system directory without authentication. The vulnerability...

CVE-2021-35966

CVE-2021-35966 affects LearningDigital’s Orca HCM digital learning platform. The issue is an input validation/filtration flaw that allows an open redirect to an arbitrary URL, enabling phishing attempts. The connected documents describe a URL redirection vulnerability with this platform but do no...

CVE-2021-35965

CVE-2021-35965 affects the Orca HCM digital learning platform. The vulnerability arises from a hard-coded, weak factory-default administrator password embedded in the webpage source, enabling remote attackers to gain administrator privileges without authentication. NVD specifies CVSSv3.1 base sco...

CVE-2021-35964

CVE-2021-35964 affects the Orca HCM digital learning platform. The admin/management page does not perform identity verification, enabling remote attackers to perform management functions without logging in. This can lead to access to members’ information and the ability to modify or delete course...

CVE-2021-35963

The CVE-2021-35963 entry concerns Orca HCM from LearningDigital.com. A parameter in the platform’s upload function does not filter file formats, enabling remote unauthenticated attackers to upload files containing malicious scripts and execute RCE. This is supported by multiple sources (NVD entry...

SQL Injection Vulnerability in Digital Learning Resource Platform of Higher Education Publishing House

Digital Learning Resource Platform is a digital product of Higher Education Press, a practical, effective and scalable CMS system. SQL injection vulnerability exists in the Digital Learning Resource Platform of Higher Education Publishing House, which can be exploited by an attacker to obtain...

SQL Injection Vulnerability in the Website Building System of National Digital Learning Resource Center (CNVD-2020-40611)

The National Center for Digital Learning Resources NCDLR is a business unit specializing in the research, development, promotion and service of digital learning resources and education informatization software. There is a SQL injection vulnerability in the National Digital Learning Resource...

National Center for Digital Learning Resources cms system has script upload vulnerability

National Center for Digital Learning Resources cms system script upload vulnerability, in fact, is the remote download did not change the name of the...