exploitDog

CVE-2021-35963

Опубликовано: 19 июл. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks.

Ссылки

https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4923-d68e6-1.html
Third Party Advisory
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4923-d68e6-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:*

Версия до 10.0 (включая)

EPSS

Процентиль: 84%

0.02108

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-88p5-c2jc-45fr

github

больше 3 лет назад

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks.

EPSS

Процентиль: 84%

0.02108

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-434