CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,149 vulnerabilities with CWE-98
CVE-2025-69062 HIGH
AncoraThemes Weedles <=1.1.12 - Code Injection
CVSS 8.1
CVE-2025-69061 HIGH
AncoraThemes MoveMe <= 1.2.15 - Code Injection
CVSS 8.1
CVE-2025-69060 HIGH
AncoraThemes uReach <=1.3.3 - Code Injection
CVSS 8.1
CVE-2025-69059 HIGH
AncoraThemes DiveIt <1.4.3 - Code Injection
CVSS 8.1
CVE-2025-69058 HIGH
AncoraThemes PartyMaker <1.1.15 - Code Injection
CVSS 8.1
CVE-2025-69057 HIGH
Edge-Themes Eldon <= 1.0 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-69050 HIGH
Edge-Themes Overworld <1.4 - Code Injection
CVSS 8.1
CVE-2025-69049 HIGH
Elated-Themes Töbel <=1.6 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-69047 HIGH
Magentech MaxShop <3.6.20 - Code Injection
CVSS 8.1
CVE-2025-69046 HIGH
WebGeniusLab iRecco Core <1.3.6 - Code Injection
CVSS 8.1
CVE-2025-69044 HIGH
goalthemes Vango <= 1.3.3 - Code Injection
CVSS 8.1
CVE-2025-69043 HIGH
Rashy <= 1.1.3 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-69042 HIGH
goalthemes Lindo <1.2.6 - Code Injection
CVSS 8.1
CVE-2025-69041 HIGH
goalthemes Dekoro <1.0.8 - Code Injection
CVSS 8.1
CVE-2025-69040 HIGH
goalthemes Bfres <1.2.1 - Code Injection
CVSS 8.1
CVE-2025-69039 HIGH
goalthemes Bailly <1.3.4 - Code Injection
CVSS 8.1
CVE-2025-69038 HIGH
goalthemes Hyori <= 1.3.6 - Code Injection
CVSS 8.1
CVE-2025-69037 HIGH
goalthemes Pippo <= 1.2.3 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-69005 HIGH
Elated-Themes Search & Go <2.9 - Code Injection
CVSS 8.1
CVE-2025-69004 HIGH
XpeedStudio Bajaar <= 2.1.0 - Code Injection
CVSS 8.1
CVE-2025-68913 HIGH
zozothemes Miion <1.2.8 - Code Injection
CVSS 7.5
CVE-2025-68908 HIGH
Barberry <2.9.9.87 - Code Injection
CVSS 8.1
CVE-2025-68905 HIGH
JNews - Pay Writer <11.0.0 - Code Injection
CVSS 7.5
CVE-2025-68510 HIGH
ThemeGoods Photography < 7.7.5 - Code Injection
CVSS 8.1
CVE-2025-67957 HIGH
TangibleWP Listivo Core <2.3.77 - Code Injection
CVSS 8.1
Details
Vulnerabilities 1,149
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits