Primary

Context

Orca HCM SQL Injection Vulnerability

Vulnerability

Patched

A SQL injection vulnerability has been identified in Orca HCM by Learning Digital, affecting versions prior to 11.0. This vulnerability allows attackers with regular privileges to inject arbitrary SQL commands, potentially leading to unauthorized reading, modification, or deletion of database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries. This could result in unauthorized access to data, modification of data, or deletion of database records.

Remediation

Users are advised to update to version 11.0 or later. Customized users should contact the vendor for update instructions.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Orca HCM SQL Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Learning Digital Orca HCM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating