VYPR
Critical severity9.8NVD Advisory· Published Jul 19, 2021· Updated Jun 17, 2026

CVE-2021-35963

CVE-2021-35963

Description

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Orca HCM/Orca HCMllm-create
  • Learningdigital.com, Inc./Orca HCMv5
    Range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.