Wellchoose: Security Vulnerabilities
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
CVSS Score
7.1
EPSS Score
0.003
Published
2025-08-13
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-08-13
Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.
CVSS Score
8.8
EPSS Score
0.043
Published
2024-10-21
Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-10-21
Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells.
CVSS Score
8.8
EPSS Score
0.015
Published
2024-10-21
Page 2