CVE-2026-3826
CRITICAL WAF: High
CVSS 9.8
Published: 2026-03-11
CWE-98
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
WAF Coverage Analysis
PHP Remote File Inclusion
High WAF Coverage
OWASP: A03:2021 Injection
931xxx - Remote File Inclusion 933xxx - PHP Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| wellchoose | organization_portal_system | up to iftop_p4_181 |
References
- www.twcert.org.tw (Third Party Advisory)
- www.twcert.org.tw (Third Party Advisory)