Unfiltered File Upload Vulnerability in Orca HCM Digital Learning Platform Allows Remote Code Execution

CVE-2021-35963 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A specific parameter of the upload function in the Orca HCM digital learning platform does not filter the file format, which allows remote unauthenticated attackers to upload files containing malicious scripts and carry out remote code execution (RCE) attacks.
