CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98
CVE-2025-53439 HIGH
Axiomthemes Harper <1.13 - Code Injection
CVSS 8.1
CVE-2025-53438 HIGH
Axiomthemes FitLine <=1.6 - Code Injection
CVSS 8.1
CVE-2025-53437 HIGH
ApusTheme Greenorganic <2.45 - Code Injection
CVSS 8.1
CVE-2025-53436 HIGH
BZOTheme Monki <= 2.0.4 - Code Injection
CVSS 8.1
CVE-2025-53435 HIGH
Plan My Day <1.1.13 - Code Injection
CVSS 8.1
CVE-2025-53434 HIGH
AncoraThemes ChildHope <1.1.8 - Code Injection
CVSS 8.1
CVE-2025-53433 CRITICAL
AncoraThemes EasyEat <=1.9.0 - Code Injection
CVSS 9.8
CVE-2025-53432 HIGH
AncoraThemes Echo <=1.15.0 - Code Injection
CVSS 8.1
CVE-2025-53431 HIGH
AncoraThemes Emberlyn <=1.3.1 - Code Injection
CVSS 8.1
CVE-2025-53430 HIGH
AncoraThemes Etta <1.14.0 - Code Injection
CVSS 8.1
CVE-2025-53429 HIGH
AncoraThemes Exit Game <= 1.4.3 - Code Injection
CVSS 8.1
CVE-2025-52768 HIGH
AncoraThemes Faith & Hope <= 2.13.0 - Code Injection
CVSS 8.1
CVE-2025-52745 HIGH
AncoraThemes Farm Agrico <1.3.11 - Code Injection
CVSS 8.1
CVE-2025-49943 HIGH
AncoraThemes Femme <= 1.3.11 - Code Injection
CVSS 8.1
CVE-2025-49942 HIGH
AncoraThemes Gardis <1.2.13 - Code Injection
CVSS 8.1
CVE-2025-49941 HIGH
AncoraThemes GlamChic <=1.0.11 - Code Injection
CVSS 8.1
CVE-2025-49371 HIGH
AncoraThemes Strux <2 - Code Injection
CVSS 8.1
CVE-2025-49370 HIGH
AncoraThemes Lymcoin <=1.3.12 - Code Injection
CVSS 8.1
CVE-2025-49369 HIGH
AncoraThemes Lettuce <= 1.1.7 - Code Injection
CVSS 8.1
CVE-2025-49368 HIGH
AncoraThemes Palladio <1.1.10 - Code Injection
CVSS 8.1
CVE-2025-49367 HIGH
Monyxi <= 1.1.8 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-49366 HIGH
AncoraThemes Hanani <1.2.11 - Code Injection
CVSS 8.1
CVE-2025-49365 HIGH
AncoraThemes Jack Well <=1.0.14 - Code Injection
CVSS 8.1
CVE-2025-49364 HIGH
AncoraThemes Ludos Paradise <2.1.3 - Code Injection
CVSS 8.1
CVE-2025-49363 HIGH
AncoraThemes Kings & Queens <=1.1.16 - Code Injection
CVSS 8.1
Details
Vulnerabilities 1,228
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits