Learning Digital Orca HCM Arbitrary File Upload Vulnerability Allowing Web Shell Execution

Vulnerability

An arbitrary file upload vulnerability has been identified in Orca HCM from Learning Digital, affecting versions prior to 11.0. This vulnerability allows remote attackers with regular privileges to upload and execute web shells on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, allowing attackers to execute malicious scripts on the server via uploaded web shells.

Remediation

Users are advised to update to Orca HCM version 11.0 or later. Users of customized versions should contact the vendor for update instructions.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.