CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98
CVE-2025-58946 HIGH
Axiomthemes Vocal <=1.12 - Code Injection
CVSS 8.1
CVE-2025-58945 HIGH
Axiomthemes EcoGrow <=1.7 - Code Injection
CVSS 8.1
CVE-2025-58944 HIGH
Axiomthemes Manufactory <1.5 - Code Injection
CVSS 8.1
CVE-2025-58943 HIGH
axiomthemes Agricola <= 1.1.0 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-58942 HIGH
AxiomThemes Dwell <1.7.0 - Code Injection
CVSS 8.1
CVE-2025-58941 HIGH
Axiomthemes Fabric <1.5.0 - Code Injection
CVSS 8.1
CVE-2025-58940 HIGH
AxiomThemes Basil <1.3.12 - Code Injection
CVSS 8.1
CVE-2025-58937 HIGH
Axiomthemes Tacticool <=1.0.13 - Code Injection
CVSS 8.1
CVE-2025-58936 HIGH
Axiomthemes Catamaran <= 1.15 - Code Injection
CVSS 8.1
CVE-2025-58935 HIGH
Axiomthemes Lunna <1.16 - Code Injection
CVSS 8.1
CVE-2025-58934 HIGH
AxiomThemes The Gig <1.18.0 - Code Injection
CVSS 8.1
CVE-2025-58933 HIGH
Axiomthemes Anubis <= 1.25 - Code Injection
CVSS 8.1
CVE-2025-58932 HIGH
Axiomthemes Prisma <=1.10 - Code Injection
CVSS 8.1
CVE-2025-58931 HIGH
Axiomthemes Palatio <=1.6 - Code Injection
CVSS 8.1
CVE-2025-58930 HIGH
Axiomthemes FitFlex <=1.6 - Code Injection
CVSS 8.1
CVE-2025-58929 HIGH
axiomthemes Pantry <= 1.4 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-58928 HIGH
Axiomthemes Heart <1.9 - Code Injection
CVSS 8.1
CVE-2025-58927 HIGH
Axiomthemes Stallion <=1.17 - Code Injection
CVSS 8.1
CVE-2025-58926 HIGH
Axiomthemes Cerebrum <1.13 - Code Injection
CVSS 8.1
CVE-2025-58925 HIGH
Axiomthemes Neptunus <1.0.11 - Code Injection
CVSS 8.1
CVE-2025-58923 HIGH
Axiomthemes Critique <1.18 - Code Injection
CVSS 8.1
CVE-2025-58901 HIGH
AncoraThemes Takeout <1.3.0 - Code Injection
CVSS 8.1
CVE-2025-58900 HIGH
AncoraThemes UniTravel <1.4.2 - Code Injection
CVSS 8.1
CVE-2025-58899 HIGH
AncoraThemes Frame <= 2.4.0 - Code Injection
CVSS 8.1
CVE-2025-58898 HIGH
AncoraThemes HealthHub <1.3.0 - Code Injection
CVSS 8.1
Details
Vulnerabilities 1,228
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits