CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98
CVE-2025-49362 HIGH
AncoraThemes Gracioza <= 1.0.15 - Code Injection
CVSS 8.1
CVE-2025-49361 HIGH
AncoraThemes Mamita <1.0.10 - Code Injection
CVSS 8.1
CVE-2025-49360 HIGH
AncoraThemes Militarology <1.0.15 - Code Injection
CVSS 8.1
CVE-2025-49359 HIGH
AncoraThemes ShieldGroup <2.14 - Code Injection
CVSS 8.1
CVE-2025-68068 HIGH
Select-Themes Stockholm <9.14.1 - Code Injection
CVSS 7.5
CVE-2025-68067 HIGH
Select-Themes Stockholm Core <2.4.6 - Code Injection
CVSS 7.5
CVE-2025-68066 HIGH
PenciDesign Soledad <=8.7.0 - Code Injection
CVSS 7.5
CVE-2025-68065 HIGH
LiquidThemes Hub Core <5.0.8 - Code Injection
CVSS 7.5
CVE-2025-68062 HIGH
MinimogWP <= 3.9.6 - PHP Local File Inclusion
CVSS 7.5
CVE-2025-68061 HIGH
ThemeMove EduMall <= 4.4.7 - PHP Local File Inclusion
CVSS 7.5
CVE-2025-14475 HIGH
Extensive VC Addons <1.9.2 - Local File Inclusion
CVSS 8.1
CVE-2025-13886 HIGH
LT Unleashed <1.1.1 - Local File Inclusion
CVSS 7.5
CVE-2025-63738 MEDIUM
Xinhu Rainrock RockOA <2.7.0 - Info Disclosure
CVSS 4.3
CVE-2025-67532 HIGH
thembay Hara <= 1.2.17 - PHP Local File Inclusion
CVSS 7.5
CVE-2025-67531 HIGH
trippleS Turitor < 1.5.3 - PHP Local File Inclusion
CVSS 7.5
CVE-2025-67530 HIGH
thembay Besa <= 2.3.15 - PHP Local File Inclusion
CVSS 7.5
CVE-2025-67529 HIGH
Opal_WP Fashion <5.3.0 - Code Injection
CVSS 7.5
CVE-2025-67528 HIGH
thembay Urna <= 2.5.12 - PHP Local File Inclusion
CVSS 7.5
CVE-2025-67527 HIGH
tripleS Digiqole <2.2.7 - Code Injection
CVSS 7.5
CVE-2025-67526 HIGH
ThimPress Sailing <4.4.6 - Code Injection
CVSS 7.5
CVE-2025-67525 HIGH
Opal_WP ekommart < 4.3.1 - PHP Local File Inclusion
CVSS 7.5
CVE-2025-67524 HIGH
NooTheme Jobmonster Elementor Addon <1.1.4 - Code Injection
CVSS 7.5
CVE-2025-67523 HIGH
tripleS Exhibz <= 3.0.9 - Code Injection
CVSS 7.5
CVE-2025-67522 HIGH
NooTheme Jobmonster <4.8.2 - Code Injection
CVSS 7.5
CVE-2025-67521 HIGH
Select-Themes Select Core < 2.6 - Code Injection
CVSS 7.5
Details
Vulnerabilities 1,228
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits