Learning Digital
Products
1- 5 CVEs
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-1389 | 0.00 | — | 0.00 | Feb 17, 2025 | Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | ||
| CVE-2025-1388 | 0.00 | — | 0.01 | Feb 17, 2025 | Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells | ||
| CVE-2025-1387 | 0.00 | — | 0.01 | Feb 17, 2025 | Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. | ||
| CVE-2024-8585 | 0.00 | — | 0.00 | Sep 9, 2024 | Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files. | ||
| CVE-2024-8584 | 0.00 | — | 0.01 | Sep 9, 2024 | Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. |
- CVE-2025-1389Feb 17, 2025risk 0.00cvss —epss 0.00
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
- CVE-2025-1388Feb 17, 2025risk 0.00cvss —epss 0.01
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells
- CVE-2025-1387Feb 17, 2025risk 0.00cvss —epss 0.01
Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user.
- CVE-2024-8585Sep 9, 2024risk 0.00cvss —epss 0.00
Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files.
- CVE-2024-8584Sep 9, 2024risk 0.00cvss —epss 0.01
Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.