Learning Digital Orca HCM vulnerabilities
5 known vulnerabilities affecting learning_digital/orca_hcm.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2025-1387 | P2 | CRITICAL | CVSS 9.8 | CWE-1390 | fixed in 11.0 | 2025-02-17
Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user.
Source: NVD
CVE-2024-8584 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 11.0 | 2024-09-09
Orca HCM from LEARNING DIGITAL has a Missing Authentication vulnerability, allowing an unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.
Source: NVD
CVE-2025-1388 | P2 | HIGH | CVSS 8.8 | CWE-434 | fixed in 11.0 | 2025-02-17
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells.
Source: NVD
CVE-2025-1389 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 11.0 | 2025-02-17
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
Source: NVD
CVE-2024-8585 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | fixed in 11.0 | 2024-09-09
Orca HCM from LEARNING DIGITAL does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files.
Source: NVD