Filtered by vendor Wellchoose
Subscribe
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8909 | 1 Wellchoose | 1 Organization Portal System | 2025-08-21 | N/A | 6.5 MEDIUM |
| Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. | |||||
| CVE-2025-8910 | 1 Wellchoose | 1 Organization Portal System | 2025-08-21 | N/A | 6.1 MEDIUM |
| Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | |||||
| CVE-2025-8911 | 1 Wellchoose | 1 Organization Portal System | 2025-08-21 | N/A | 6.1 MEDIUM |
| Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | |||||
| CVE-2025-8912 | 1 Wellchoose | 1 Organization Portal System | 2025-08-21 | N/A | 7.5 HIGH |
| Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. | |||||
| CVE-2025-8913 | 1 Wellchoose | 1 Organization Portal System | 2025-08-21 | N/A | 9.8 CRITICAL |
| Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. | |||||
| CVE-2025-8914 | 1 Wellchoose | 1 Organization Portal System | 2025-08-21 | N/A | 6.5 MEDIUM |
| Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | |||||
| CVE-2024-10200 | 1 Wellchoose | 1 Administrative Management System | 2024-10-24 | N/A | 7.5 HIGH |
| Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server. | |||||
| CVE-2024-10201 | 1 Wellchoose | 1 Administrative Management System | 2024-10-24 | N/A | 8.8 HIGH |
| Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells. | |||||
| CVE-2024-10202 | 1 Wellchoose | 1 Administrative Management System | 2024-10-24 | N/A | 8.8 HIGH |
| Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | |||||