CWE-98

Exploit likelihood: High

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98
CVE-2025-68877 HIGH
CedCommerce Integration for Good Market <1.0.6 - Code Injection
CVSS 7.5
CVE-2025-68563 HIGH
WP Shuffle Subscribe to Unlock Lite <1.3.0 - Code Injection
CVSS 7.5
CVE-2025-68540 HIGH
Fana <= 1.1.35 - PHP Local File Inclusion
CVSS 7.5
CVE-2025-68537 HIGH
Zota <= 1.3.14 - PHP Local File Inclusion
CVSS 7.5
CVE-2025-68530 HIGH
pavothemes Bookory <2.2.7 - Code Injection
CVSS 7.5
CVE-2025-68506 HIGH
Nawawi Jamili Docket Cache <24.07.03 - Code Injection
CVSS 8.1
CVE-2025-68560 HIGH
CodexThemes TheGem Theme Elements - Code Injection
CVSS 7.5
CVE-2025-68546 HIGH
Thembay Nika <1.2.14 - Code Injection
CVSS 7.5
CVE-2025-68544 HIGH
Thembay Diza <1.3.15 - Code Injection
CVSS 7.5
CVE-2025-68645 HIGH KEV
Zimbra Collaboration Suite 10.0.0-10.0.17 - Unauthenticated Local File Inclusion via RestFilter Servlet
CVSS 8.8
CVE-2025-13641 HIGH
NextGEN Gallery <3.59.12 - Local File Inclusion
CVSS 8.8
CVE-2025-6326 HIGH
AncoraThemes Inset <=1.18.0 - Code Injection
CVSS 8.1
CVE-2025-64377 HIGH
CridioStudio ListingPro <2.9.10 - Code Injection
CVSS 8.1
CVE-2025-64373 HIGH
shinetheme Traveler <3.2.6 - Code Injection
CVSS 8.1
CVE-2025-64223 HIGH
PenciDesign PenNews <6.7.3 - Code Injection
CVSS 8.1
CVE-2025-64205 HIGH
TieLabs Jannah <=7.6.0 - Code Injection
CVSS 8.1
CVE-2025-64193 HIGH
8theme XStore <9.6.1 - Code Injection
CVSS 7.5
CVE-2025-60078 HIGH
Agence web Eoxia - Montpellier Task Manager <3.0.2 - Code Injection
CVSS 7.5
CVE-2025-60076 HIGH
Ray Enterprise Translation <= 1.7.1 - Code Injection
CVSS 7.5
CVE-2025-60072 HIGH
Anchor smooth scroll <=1.0.2 - Code Injection
CVSS 8.1
CVE-2025-60071 HIGH
Riode | Multi-Purpose WooCommerce <= 1.6.23 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60069 HIGH
MinimogWP <= 3.9.6 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60067 HIGH
axiomthemes Giardino <= 1.1.10 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60066 HIGH
axiomthemes Katelyn <= 1.0.10 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60065 HIGH
axiomthemes Pinevale <= 1.0.14 - PHP Local File Inclusion
CVSS 8.1