cbcvebase.

Wellchoose Organization Portal System vulnerabilities

9 known vulnerabilities affecting wellchoose/organization_portal_system.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2026-3826P2CRITICALCVSS 9.8fixed in iftop_p4_1812026-03-11
CVE-2026-3826 [CRITICAL] CWE-98 CVE-2026-3826: IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated rem IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
nvd
CVE-2025-8913P2CRITICALCVSS 9.8fixed in IFTOP_P3_2_1_197≤ IFTOP_P3_2_1_1962025-08-13
CVE-2025-8913 [CRITICAL] CWE-98 CVE-2025-8913: Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowin Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
nvd
CVE-2025-8912P3HIGHCVSS 7.5fixed in IFTOP_P3_2_1_197≤ IFTOP_P3_2_1_1962025-08-13
CVE-2025-8912 [HIGH] CWE-36 CVE-2025-8912: Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allo Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
nvd
CVE-2025-8914P3HIGHCVSS 7.5fixed in IFTOP_P3_2_1_197≤ IFTOP_P3_2_1_1962025-08-13
CVE-2025-8914 [HIGH] CWE-89 CVE-2025-8914: Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unaut Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
nvd
CVE-2025-8909P3MEDIUMCVSS 6.5fixed in IFTOP_P3_2_1_197≤ IFTOP_P3_2_1_1962025-08-13
CVE-2025-8909 [MEDIUM] CWE-36 CVE-2025-8909: Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allo Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
nvd
CVE-2026-3824P4MEDIUMCVSS 6.1fixed in iftop_p4_1812026-03-11
CVE-2026-3824 [MEDIUM] CWE-601 CVE-2026-3824: IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote atta IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website.
nvd
CVE-2025-8910P4MEDIUMCVSS 6.1fixed in IFTOP_P3_2_1_197≤ IFTOP_P3_2_1_1962025-08-13
CVE-2025-8910 [MEDIUM] CWE-79 CVE-2025-8910: Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerabilit Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
nvd
CVE-2025-8911P4MEDIUMCVSS 6.1fixed in IFTOP_P3_2_1_197≤ IFTOP_P3_2_1_1962025-08-13
CVE-2025-8911 [MEDIUM] CWE-79 CVE-2025-8911: Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerabilit Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
nvd
CVE-2026-3825P4MEDIUMCVSS 6.1fixed in iftop_p4_1812026-03-11
CVE-2026-3825 [MEDIUM] CWE-79 CVE-2026-3825: IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authentic IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
nvd
Wellchoose Organization Portal System vulnerabilities | cvebase