Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HLearningdigital Orca Hcm
APPLearningdigital< 11.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-1387CRITICAL9.8PL ✓ten sam produkt
Orca HCM — Improper Authentication umożliwiające logowanie jako dowolny użytkownik
CVE-2024-8584CRITICAL9.8PL ✓ten sam produkt
Orca HCM: brak uwierzytelnienia umożliwia tworzenie kont administratora
CVE-2021-35963CRITICAL9.8ten sam produkt
The specific parameter of upload function of the Orca HCM digital learning platform does not filter file forma...
CVE-2021-35965CRITICAL9.8ten sam produkt
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded...
CVE-2025-1389HIGH8.8ten sam produkt
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges t...