Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,227 vulnerabilities with CWE-98

CVE-2025-68905 HIGH

JNews - Pay Writer <11.0.0 - Code Injection

CVE-2025-68510 HIGH

ThemeGoods Photography < 7.7.5 - Code Injection

CVE-2025-67957 HIGH

TangibleWP Listivo Core <2.3.77 - Code Injection

CVE-2025-67955 HIGH

TangibleWP MyHome Core <4.1.0 - Code Injection

CVE-2025-67946 HIGH

scriptsbundle AdForest <6.0.11 - Code Injection

CVE-2025-67941 HIGH

Elated-Themes The Aisle < 2.9.1 - Code Injection

CVE-2025-67940 HIGH

Mikado-Themes Powerlift <3.2.1 - Code Injection

CVE-2025-67938 HIGH

Mikado-Themes Biagiotti <3.5.2 - Code Injection

CVE-2025-67616 HIGH

BZOTheme Mella <= 1.2.29 - Code Injection

CVE-2025-67615 HIGH

bslthemes Myour <1.5.2 - Code Injection

CVE-2025-63017 HIGH

WerkStatt Plugin <1.6.7 - Code Injection

CVE-2025-54003 HIGH

Mikado-Themes Depot <1.17 - Code Injection

CVE-2025-50003 HIGH

Axiomthemes Amuli <2.3.0 - Code Injection

CVE-2025-49994 HIGH

ovatheme Athens <1.1.6 - Code Injection

CVE-2025-47474 HIGH

Ninetheme Anarkali <1.0.9 - Code Injection

CVE-2025-14502 CRITICAL

News and Blog Designer Bundle <1.1 - Local File Inclusion

CVE-2025-67937 HIGH

Hendon < 1.7 - PHP Local File Inclusion

CVE-2025-67936 HIGH

Curly < 3.3 - PHP Local File Inclusion

CVE-2025-67935 HIGH

Mikado-Themes Optimize < 2.4 - PHP Local File Inclusion

CVE-2025-67934 HIGH

Wellspring < 2.8 - Local File Inclusion

CVE-2025-67925 HIGH

zozothemes Corpkit <2.0. - Code Injection

CVE-2025-67920 HIGH

Elated-Themes Neo Ocular <1.2 - Code Injection

CVE-2025-22712 HIGH

QantumThemes Typify <= 3.0.2 - Code Injection

CVE-2025-22708 HIGH

ThemeMove Mitech <= 2.3.4 - PHP Local File Inclusion

CVE-2025-22707 HIGH

ThemeMove Moody < 2.7.3 - PHP Local File Inclusion

Previous Page 19 of 50 Next

Details

Vulnerabilities 1,227

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy