CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,149 vulnerabilities with CWE-98
CVE-2025-68539 HIGH
thembay Fana <=1.1.35 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-68536 HIGH
Thembay Zota <=1.3.14 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-67992 HIGH
LoftOcean PatioTime < 2.1 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-67988 HIGH
CozyStay <1.9.1 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-67982 HIGH
Urna <=2.5.12 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-67981 HIGH
Thembay Besa <=2.3.15 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-67980 HIGH
thembay Hara <=1.2.17 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60087 HIGH
Extensive VC Addons for WPBakery <=1.9.1 - PHP RFI
CVSS 8.1
CVE-2025-15368 HIGH
WordPress SportsPress <= 2.7.26 - Contributor Local File Inclusion Code Execution
CVSS 8.8
CVE-2025-69314 HIGH
Werkstatt < 4.8.3 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-69100 HIGH
North <= 5.7.5 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-69078 HIGH
AncoraThemes Malta <1.3.3 - Code Injection
CVSS 8.1
CVE-2025-69077 HIGH
AncoraThemes Hobo <=1.0.10 - Code Injection
CVSS 8.1
CVE-2025-69076 HIGH
AncoraThemes Modern Housewife <= 1.0.12 - Code Injection
CVSS 8.1
CVE-2025-69075 HIGH
AncoraThemes Yolox <1.0.15 - Code Injection
CVSS 8.1
CVE-2025-69074 HIGH
Pearson Specter <1.11.3 - Code Injection
CVSS 8.1
CVE-2025-69073 HIGH
AncoraThemes Piqes <= 1.0.11 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-69072 HIGH
AncoraThemes Prider <1.1.3.1 - Code Injection
CVSS 8.1
CVE-2025-69071 HIGH
AncoraThemes TanTum - Code Injection
CVSS 8.1
CVE-2025-69070 HIGH
AncoraThemes Tornados - Code Injection
CVSS 8.1
CVE-2025-69068 HIGH
AncoraThemes Muji <=1.2.0 - Code Injection
CVSS 8.1
CVE-2025-69067 HIGH
AncoraThemes Tails <1.4.12 - Code Injection
CVSS 8.1
CVE-2025-69066 HIGH
AncoraThemes Indoor Plants <1.2.8 - Code Injection
CVSS 8.1
CVE-2025-69065 HIGH
AncoraThemes Snow Mountain <=1.4.3 - Code Injection
CVSS 8.1
CVE-2025-69064 HIGH
AncoraThemes Pets Land <=1.2.8 - Code Injection
CVSS 8.1
Details
Vulnerabilities 1,149
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits