Lucene search
K
LearningdigitalOrca Hcm

11 matches found

CVE
CVE
added 2025/02/17 3:59 a.m.87 views

CVE-2025-1388

CVE-2025-1388 concerns Orca HCM from Learning Digital, with an Arbitrary File Upload vulnerability that allows remote attackers with regular privileges to upload and run web shells. Descriptions across sources reiterate the same flaw and impact (high severity per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U...

8.8CVSS7.2AI score0.00483EPSS
CVE
CVE
added 2024/09/09 2:57 a.m.74 views

CVE-2024-8584

CVE-2024-8584 affects Orca HCM by LEARNING DIGITAL and is described as a Missing Authentication vulnerability that allows an unauthenticated remote attacker to create an administrator account and log in. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8) indicates a critical imp...

9.8CVSS9.7AI score0.00677EPSS
CVE
CVE
added 2025/02/17 3:40 a.m.67 views

CVE-2025-1387

CVE-2025-1387 affects Orca HCM from LEARNING DIGITAL. The connected sources describe an improper authentication vulnerability that allows unauthenticated remote attackers to log in as any user, indicating a severe impact (high confidentiality, integrity, and availability) per the CVSS vector: AV:...

9.8CVSS7.2AI score0.00538EPSS
CVE
CVE
added 2025/02/17 4:15 a.m.56 views

CVE-2025-1389

CVE-2025-1389 pertains to Orca HCM by Learning Digital, where a SQL injection vulnerability exists in the application. The connected sources confirm that an attacker with regular privileges can inject arbitrary SQL commands to read, modify, and delete database contents. The issue is described con...

8.8CVSS8.2AI score0.00466EPSS
CVE
CVE
added 2024/09/09 3:3 a.m.49 views

CVE-2024-8585

The CVE-2024-8585 issue is a path-traversal vulnerability in Learning Digital’s Orca HCM file-download function, where a parameter is not properly restricted. This permits a remote attacker with regular privileges to download arbitrary system files. Affected software: Orca HCM from LEARNING DIGIT...

6.5CVSS6.5AI score0.00673EPSS
CVE
CVE
added 2021/07/19 11:55 a.m.46 views

CVE-2021-35965

CVE-2021-35965 affects the Orca HCM digital learning platform. The vulnerability arises from a hard-coded, weak factory-default administrator password embedded in the webpage source, enabling remote attackers to gain administrator privileges without authentication. NVD specifies CVSSv3.1 base sco...

10CVSS9.6AI score0.02378EPSS
CVE
CVE
added 2021/07/19 11:55 a.m.45 views

CVE-2021-35963

The CVE-2021-35963 entry concerns Orca HCM from LearningDigital.com. A parameter in the platform’s upload function does not filter file formats, enabling remote unauthenticated attackers to upload files containing malicious scripts and execute RCE. This is supported by multiple sources (NVD entry...

10CVSS9.8AI score0.0241EPSS
CVE
CVE
added 2021/07/19 11:55 a.m.44 views

CVE-2021-35964

CVE-2021-35964 affects the Orca HCM digital learning platform. The admin/management page does not perform identity verification, enabling remote attackers to perform management functions without logging in. This can lead to access to members’ information and the ability to modify or delete course...

9.8CVSS8.7AI score0.01085EPSS
CVE
CVE
added 2021/07/19 11:55 a.m.40 views

CVE-2021-35966

CVE-2021-35966 affects LearningDigital’s Orca HCM digital learning platform. The issue is an input validation/filtration flaw that allows an open redirect to an arbitrary URL, enabling phishing attempts. The connected documents describe a URL redirection vulnerability with this platform but do no...

6.1CVSS6.5AI score0.00821EPSS
CVE
CVE
added 2021/07/19 11:55 a.m.38 views

CVE-2021-35968

The CVE-2021-35968 entry concerns LearningDigital’s Orca HCM digital learning platform. Affected component: the directory listing page parameter. Root cause: improper filtering of special characters enables Path Traversal. Impact: remote attackers could access system directories under the user’s ...

4.3CVSS4.7AI score0.01035EPSS
CVE
CVE
added 2021/07/19 11:55 a.m.33 views

CVE-2021-35967

The CVE-2021-35967 entry describes a Path Traversal vulnerability in the Orca HCM digital learning platform. The issue arises because the directory page parameter does not filter special characters, allowing remote attackers to access the system directory without authentication. The vulnerability...

5.3CVSS5.4AI score0.01318EPSS