CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic Learning System
Summary
Vulnerability List
- [CVE-2021-35963] Orca HCM - Unrestricted Upload of File with Dangerous Type
- [CVE-2021-35964] Orca HCM - Broken Authentication
- [CVE-2021-35965] Orca HCM - Hard-coded password
Details
1. Orca HCM - Unrestricted Upload of File with Dangerous Type
Description
Specific parameters of the digital learning platform's upload function do not properly filter the file format, so remote attackers can, without logging in, upload files containing malicious script content to carry out remote code execution (RCE) attacks.
Impact
Attackers can upload files of unrestricted type, which would allow them to gain access to the hosting machine.
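A server-side check covering both gaps described above (no login requirement, no file-format filtering), as an added example that is not Orca HCM code. The function name, the session model, the allowlist and the size limit are assumptions.

```python
import os
import secrets

# Assumed allowlist for a learning platform: extension -> accepted leading magic bytes.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
MAX_BYTES = 10 * 1024 * 1024  # assumed size limit


class UploadRejected(Exception):
    """Raised with a reason string when an upload fails a check."""


def validate_upload(session_user, filename, data):
    """Return a server-generated storage name, or raise UploadRejected.
    session_user is None for an unauthenticated request (hypothetical session model)."""
    # 1. The upload function must not be usable without a login.
    if session_user is None:
        raise UploadRejected("authentication required")
    # 2. Only the final extension counts: "notes.pdf.cgi" ends in ".cgi".
    if "\x00" in filename:
        raise UploadRejected("invalid file name")
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("file type not allowed: %r" % ext)
    # 3. The extension is client-controlled, so the content must match it too.
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # 4. Never store under the client-supplied name; use a random one.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample input: a minimal PDF header uploaded by a logged-in user.
    print(validate_upload("alice", "slides.pdf", b"%PDF-1.7\n"))
```

A magic-byte match does not rule out polyglot files, so the storage directory should also be one the web server never executes from.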
2. Orca HCM - Broken Authentication
Description
Attackers can use a specific URL to access unauthorized functionality and data.
Impact
Remote attackers can use some of the management functions, view member information, and modify or delete courses.
3. Orca HCM - Hard-coded password
Description
The digital learning platform contains a default administrator password, which is hard-coded in a config file that can be accessed through a specific URL.
Impact
Remote attackers can obtain the administrator password for further attacks.
Version
Orca HCM v10.0
Credits
* Jalong Chen (CHT Security)