Description
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing an unauthenticated remote attacker to exploit this functionality to create an account with administrator privileges and subsequently use that account to log in.
References
https://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html
https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html