← Back

Wellchoose

wellchoose

15 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Organization Portal System
organization_portal_system
9 CVEs
Administrative Management System
administrative_management_system
3 CVEs
Single Sign On Portal System
single_sign-on_portal_system
3 CVEs

CVEs (15)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-3826
1Wellchoose
1Organization Portal System
Mar 17, 2026
Mar 11, 2026
9.3 CRITICAL· v4
9.8 CRITICAL· v3
N/A· v2
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
CVE-2026-3825
1Wellchoose
1Organization Portal System
Mar 17, 2026
Mar 11, 2026
5.1 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2026-3824
1Wellchoose
1Organization Portal System
Mar 17, 2026
Mar 11, 2026
5.1 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website.
CVE-2026-1429
1Wellchoose
1Single Sign On Portal System
Mar 11, 2026
Jan 26, 2026
4.8 MEDIUM· v4
5.4 MEDIUM· v3
N/A· v2
Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing at...Show more
Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.Show less
CVE-2026-1428
1Wellchoose
1Single Sign On Portal System
Mar 11, 2026
Jan 26, 2026
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2026-1427
1Wellchoose
1Single Sign On Portal System
Mar 11, 2026
Jan 26, 2026
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-8914
1Wellchoose
1Organization Portal System
Aug 21, 2025
Aug 13, 2025
7.1 HIGH· v4
7.5 HIGH· v3
N/A· v2
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2025-8913
1Wellchoose
1Organization Portal System
Aug 21, 2025
Aug 13, 2025
9.3 CRITICAL· v4
9.8 CRITICAL· v3
N/A· v2
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
CVE-2025-8912
1Wellchoose
1Organization Portal System
Aug 21, 2025
Aug 13, 2025
8.7 HIGH· v4
7.5 HIGH· v3
N/A· v2
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
CVE-2025-8911
1Wellchoose
1Organization Portal System
Aug 21, 2025
Aug 13, 2025
5.3 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing at...Show more
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.Show less
CVE-2025-8910
1Wellchoose
1Organization Portal System
Aug 21, 2025
Aug 13, 2025
5.3 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing at...Show more
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.Show less
CVE-2025-8909
1Wellchoose
1Organization Portal System
Aug 21, 2025
Aug 13, 2025
7.1 HIGH· v4
6.5 MEDIUM· v3
N/A· v2
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
CVE-2024-10202
1Wellchoose
1Administrative Management System
Oct 24, 2024
Oct 21, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.
CVE-2024-10201
1Wellchoose
1Administrative Management System
Oct 24, 2024
Oct 21, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells.
CVE-2024-10200
1Wellchoose
1Administrative Management System
Oct 24, 2024
Oct 21, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server.