Organization Portal System
CVE-2025-8914
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
AnalysisAI
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. Affected products include: Wellchoose Organization Portal System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Organization Portal System
View allLFI to RCE in IFTOP by WellChoose.
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated re
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attacker
Reflected XSS in the Organization Portal System's IFTOP module enables authenticated attackers to inject malicious JavaS
WellChoose's IFTOP Organization Portal System contains an open redirect vulnerability that permits authenticated attacke
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthen
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthen
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today