5 matches found
CVE-2025-1388
CVE-2025-1388 concerns Orca HCM from Learning Digital, with an Arbitrary File Upload vulnerability that allows remote attackers with regular privileges to upload and run web shells. Descriptions across sources reiterate the same flaw and impact (high severity per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U...
CVE-2024-8584
CVE-2024-8584 affects Orca HCM by LEARNING DIGITAL and is described as a Missing Authentication vulnerability that allows an unauthenticated remote attacker to create an administrator account and log in. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8) indicates a critical imp...
CVE-2025-1387
CVE-2025-1387 affects Orca HCM from LEARNING DIGITAL. The connected sources describe an improper authentication vulnerability that allows unauthenticated remote attackers to log in as any user, indicating a severe impact (high confidentiality, integrity, and availability) per the CVSS vector: AV:...
CVE-2025-1389
CVE-2025-1389 pertains to Orca HCM by Learning Digital, where a SQL injection vulnerability exists in the application. The connected sources confirm that an attacker with regular privileges can inject arbitrary SQL commands to read, modify, and delete database contents. The issue is described con...
CVE-2024-8585
The CVE-2024-8585 issue is a path-traversal vulnerability in Learning Digital’s Orca HCM file-download function, where a parameter is not properly restricted. This permits a remote attacker with regular privileges to download arbitrary system files. Affected software: Orca HCM from LEARNING DIGIT...