CVE-2021-35967

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt