CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,227 vulnerabilities with CWE-98
CVE-2025-68552 HIGH
WooCommerce Coming Soon Product <=5.0 - PHP LFI
CVSS 7.5
CVE-2025-68545 HIGH
thembay Nika <=1.2.14 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-68543 HIGH
Thembay Diza <=1.3.15 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-68539 HIGH
thembay Fana <=1.1.35 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-68536 HIGH
Thembay Zota <=1.3.14 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-67992 HIGH
LoftOcean PatioTime < 2.1 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-67988 HIGH
CozyStay <1.9.1 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-67982 HIGH
Urna <=2.5.12 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-67981 HIGH
Thembay Besa <=2.3.15 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-67980 HIGH
thembay Hara <=1.2.17 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60087 HIGH
Extensive VC Addons for WPBakery <=1.9.1 - PHP RFI
CVSS 8.1
CVE-2025-15368 HIGH
WordPress SportsPress <= 2.7.26 - Contributor Local File Inclusion Code Execution
CVSS 8.8
CVE-2025-69314 HIGH
Werkstatt < 4.8.3 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-69100 HIGH
North <= 5.7.5 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-69078 HIGH
AncoraThemes Malta <1.3.3 - Code Injection
CVSS 8.1
CVE-2025-69077 HIGH
AncoraThemes Hobo <=1.0.10 - Code Injection
CVSS 8.1
CVE-2025-69076 HIGH
AncoraThemes Modern Housewife <= 1.0.12 - Code Injection
CVSS 8.1
CVE-2025-69075 HIGH
AncoraThemes Yolox <1.0.15 - Code Injection
CVSS 8.1
CVE-2025-69074 HIGH
Pearson Specter <1.11.3 - Code Injection
CVSS 8.1
CVE-2025-69073 HIGH
AncoraThemes Piqes <= 1.0.11 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-69072 HIGH
AncoraThemes Prider <1.1.3.1 - Code Injection
CVSS 8.1
CVE-2025-69071 HIGH
AncoraThemes TanTum - Code Injection
CVSS 8.1
CVE-2025-69070 HIGH
AncoraThemes Tornados - Code Injection
CVSS 8.1
CVE-2025-69068 HIGH
AncoraThemes Muji <=1.2.0 - Code Injection
CVSS 8.1
CVE-2025-69067 HIGH
AncoraThemes Tails <1.4.12 - Code Injection
CVSS 8.1
Details
Vulnerabilities 1,227
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits