1 results (0.003 seconds)
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0
CVE-2024-8585 – LEARNING DIGITAL Orca HCM - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2024-8585
Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8042-f9f26-2.html https://www.twcert.org.tw/tw/cp-132-8041-dfbf9-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •