Critical severity9.8NVD Advisory· Published Jul 19, 2021· Updated Jun 17, 2026
CVE-2021-35963
CVE-2021-35963
Description
The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Learningdigital.com, Inc./Orca HCMv5Range: unspecified
Patches
Vulnerability mechanics
References
2- www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25nvdThird Party Advisory
- www.twcert.org.tw/tw/cp-132-4923-d68e6-1.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.