Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,114 vulnerabilities with CWE-98

CVE-2026-41228 CRITICAL

Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution

CVE-2026-1620 HIGH

Livemesh Addons by Elementor <= 9.0 - Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter

CVE-2026-39387 HIGH

BoidCMS: Local File Inclusion (LFI) leads to Remote Code Execution (RCE) via tpl parameter

CVE-2026-30480 MEDIUM

LibreNMS 22.11.0-23-gd091788f2 - LFI

CVE-2026-39684 HIGH

WordPress OrganicFood theme <= 3.6.4 - Local File Inclusion vulnerability

CVE-2026-39681 HIGH

WordPress Homeo theme <= 1.2.59 - Local File Inclusion vulnerability

CVE-2026-39679 HIGH

WordPress Freeio theme <= 1.3.21 - Local File Inclusion vulnerability

CVE-2026-39677 HIGH

WordPress Emphires theme <= 3.9 - Local File Inclusion vulnerability

CVE-2026-39623 HIGH

WordPress Biolife theme <= 3.2.3 - Local File Inclusion vulnerability

CVE-2026-39613 HIGH

WordPress Boutique theme <= 2.3.3 - Local File Inclusion vulnerability

CVE-2026-39611 HIGH

WordPress KuteShop theme <= 4.2.9 - Local File Inclusion vulnerability

CVE-2026-39544 HIGH

WordPress LabtechCO theme <= 8.3 - Local File Inclusion vulnerability

CVE-2026-39538 HIGH

WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability

CVE-2026-34787 MEDIUM

Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter

CVE-2026-34036 MEDIUM

Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php

CVE-2026-32537 HIGH

WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability

CVE-2026-32531 HIGH

WordPress Kunco theme < 1.4.5 - Local File Inclusion vulnerability

CVE-2026-32505 HIGH

WordPress Kiddy theme <= 2.0.8 - Local File Inclusion vulnerability

CVE-2026-32504 HIGH

WordPress VintWood theme <= 1.1.8 - Local File Inclusion vulnerability

CVE-2026-32503 HIGH

WordPress Trendustry theme <= 1.1.4 - Local File Inclusion vulnerability

CVE-2026-32500 HIGH

WordPress MetaMax theme <= 1.1.4 - Local File Inclusion vulnerability

CVE-2026-27081 HIGH

WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability

CVE-2026-27080 HIGH

WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability

CVE-2026-27079 HIGH

WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability

CVE-2026-27078 HIGH

WordPress Emaurri theme <= 1.0.1 - Local File Inclusion vulnerability

Page 1 of 45 Next

Details

Vulnerabilities 1,114

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy