Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

986 vulnerabilities with CWE-98

CVE-2026-28129 HIGH

Little Birdies <=1.3.16 - PHP Local File Inclusion

CVE-2026-28128 HIGH

ThemeREX Verse <=1.7.0 - PHP Local File Inclusion

CVE-2026-28125 HIGH

Midi <=1.14 - PHP Local File Inclusion

CVE-2026-28124 HIGH

AncoraThemes Notarius <=1.9 - PHP Local File Inclusion

CVE-2026-28123 HIGH

AncoraThemes Veil <=1.9 - PHP Local File Inclusion

CVE-2026-28121 HIGH

AncoraThemes Anderson <=1.4.2 - PHP RFI

CVE-2026-28120 HIGH

ThemeREX Dr.Patterson <=1.3.2 - PHP RFI

CVE-2026-28119 HIGH

axiomthemes Nirvana <=2.6 - PHP RFI

CVE-2026-28118 HIGH

Welldone <=2.4 - PHP Local File Inclusion

CVE-2026-28117 HIGH

axiomthemes smart SEO <=2.9 - PHP RFI

CVE-2026-28107 HIGH

ThemeREX Muzicon <=1.9.0 - PHP Local File Inclusion

CVE-2026-28098 HIGH

ThemeREX Save Life <=1.2.13 - PHP LFI

CVE-2026-28097 HIGH

ThemeREX Artrium <=1.0.14 - PHP Local File Inclusion

CVE-2026-28096 HIGH

ThemeREX WealthCo <=2.18 - PHP Local File Inclusion

CVE-2026-28095 HIGH

ThemeREX Marcell <=1.2.14 - PHP Local File Inclusion

CVE-2026-28094 HIGH

ThemeREX RexCoin <=1.2.6 - PHP Local File Inclusion

CVE-2026-28093 HIGH

ThemeREX Ozisti <=1.1.10 - PHP Local File Inclusion

CVE-2026-28092 HIGH

ThemeREX Sounder <=1.3.11 - PHP Local File Inclusion

CVE-2026-28091 HIGH

ThemeREX Coleo <=1.1.7 - PHP Local File Inclusion

CVE-2026-28090 HIGH

ThemeREX Gamezone <=1.1.11 - PHP Local File Inclusion

CVE-2026-28089 HIGH

ThemeREX Daiquiri <=1.2.4 - PHP Local File Inclusion

CVE-2026-28088 HIGH

ThemeREX Aqualots <=1.1.6 - PHP Local File Inclusion

CVE-2026-28087 HIGH

ThemeREX Filmax <=1.1.11 - PHP Local File Inclusion

CVE-2026-28086 HIGH

ThemeREX Run Gran <=2.0 - PHP Local File Inclusion

CVE-2026-28085 HIGH

ThemeREX Mahogany <=2.9 - PHP Local File Inclusion

Page 1 of 40 Next

Details

Vulnerabilities 986

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy