CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98
CVE-2025-60064 HIGH
axiomthemes Renewal <= 1.2.2 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60063 HIGH
axiomthemes Rosalinda <= 1.2.3 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60061 HIGH
axiomthemes Kicker <= 2.2.0 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60060 HIGH
axiomthemes Pubzinne <= 1.0.12 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60059 HIGH
axiomthemes smartSEO <= 2.12 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60058 HIGH
AncoraThemes DetailX <1.10.0 - Code Injection
CVSS 8.1
CVE-2025-60057 HIGH
AncoraThemes DJ Rainflow <1.3.13 - Code Injection
CVSS 8.1
CVE-2025-60056 HIGH
AncoraThemes Winger <= 1.0.16 - Code Injection
CVSS 8.1
CVE-2025-60055 HIGH
AncoraThemes Fabrica <1.8.2 - Code Injection
CVSS 8.1
CVE-2025-60054 HIGH
AncoraThemes OnLeash <1.5.3 - Code Injection
CVSS 8.1
CVE-2025-60053 HIGH
AncoraThemes MaxCube <= 1.3.1 - Code Injection
CVSS 8.1
CVE-2025-60052 HIGH
AncoraThemes W&D <= 1.0 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60051 HIGH
AncoraThemes Rare Radio <1.0.15.1 - Code Injection
CVSS 8.1
CVE-2025-60050 HIGH
axiomthemes Panda <= 1.21 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60049 HIGH
Soleil <= 1.17 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60048 HIGH
axiomthemes Tripster <= 1.0.10 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60047 HIGH
axiomthemes IPharm and ipharm <= 1.2.3 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60046 HIGH
axiomthemes HeartStar <= 1.0.14 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-60044 HIGH
AncoraThemes Fribbo <= 1.1.0 - Code Injection
CVSS 8.1
CVE-2025-60043 HIGH
AncoraThemes Wanderic <1.0.11 - Code Injection
CVSS 8.1
CVE-2025-60042 HIGH
AncoraThemes Chinchilla <1.17 - Code Injection
CVSS 8.1
CVE-2025-58950 HIGH
Axiomthemes Lione <=1.16 - Code Injection
CVSS 8.1
CVE-2025-58949 HIGH
Axiomthemes Spock <1.18 - Code Injection
CVSS 8.1
CVE-2025-58948 HIGH
axiomthemes Aromatica <= 1.8 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-58947 HIGH
Axiomthemes Athos <2.0 - Code Injection
CVSS 8.1
Details
Vulnerabilities 1,228
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits