1 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8042-f9f26-2.html https://www.twcert.org.tw/tw/cp-132-8041-dfbf9-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •