Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,227 vulnerabilities with CWE-98

CVE-2025-22509 HIGH

TMRW-studio Atlas <2.1.0 - Code Injection

CVE-2025-14431 HIGH

THEMELOGI Navian <=1.5.4 - Code Injection

CVE-2025-14430 HIGH

ThemeMove Brook <2.8.9 - Code Injection

CVE-2025-14429 HIGH

ThemeMove AeroLand <1.6.6 - Code Injection

CVE-2025-14359 HIGH

Oshine < 7.3.0 - PHP Local File Inclusion

CVE-2025-12550 HIGH

jwsthemes OchaHouse <2.2.8 - Code Injection

CVE-2025-12549 HIGH

Magentech Rozy - Flower Shop <1.2.25 - Code Injection

CVE-2025-69081 HIGH

ThemeREX Group Hope <3.0.0 - Code Injection

CVE-2025-69080 HIGH

JanStudio Gecko <1.9.8 - Code Injection

CVE-2025-32304 HIGH

Mojoomla WPCHURCH <2.7.0 - Code Injection

CVE-2025-69356 HIGH

CodexThemes TheGem Theme Elements - Code Injection

CVE-2025-69342 HIGH

VanKarWai Calafate <1.7.7 - Code Injection

CVE-2025-69086 HIGH

Jwsthemes Issabella <1.1.2 - Code Injection

CVE-2025-69083 HIGH

Elated-Themes Frappé <1.8 - PHP Local File Inclusion

CVE-2025-69087 HIGH

jwsthemes FreeAgent <2.1.2 - Code Injection

CVE-2025-62753 HIGH

MadrasThemes MAS Videos <1.3.2 - Code Injection

CVE-2025-69034 HIGH

Lekker <= 1.8 - PHP Local File Inclusion

CVE-2025-68996 HIGH

Responsive Posts Carousel Pro - Code Injection

CVE-2025-68987 HIGH

Edge-Themes Cinerama <=2.4 - Code Injection

CVE-2025-68985 HIGH

thembay Aora <= 1.3.15 - PHP Local File Inclusion

CVE-2025-68984 HIGH

thembay Puca <= 2.6.39 - PHP Local File Inclusion

CVE-2025-68983 HIGH

Greenmart <= 4.2.11 - PHP Local File Inclusion

CVE-2025-68974 MEDIUM

miniOrange WordPress Social Login & Register <7.7.0 - Code Injection

CVE-2025-68870 HIGH

reDim GmbH CookieHint WP - Code Injection

CVE-2025-68877 HIGH

CedCommerce Integration for Good Market <1.0.6 - Code Injection

Previous Page 20 of 50 Next

Details

Vulnerabilities 1,227

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy