VYPR
Medium severity5.3NVD Advisory· Published Jul 19, 2021· Updated Jun 17, 2026

CVE-2021-35967

CVE-2021-35967

Description

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • ORCA/ORCAllm-fuzzy
  • Learningdigital.com, Inc./Orca HCMv5
    Range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.