Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-67515 HIGH

Qodeinteractive Wilmer < 3.5 - Remote File Inclusion

CVE-2025-63076 HIGH

Dream-Theme The7 Elements <2.7.11 - Code Injection

CVE-2025-63074 HIGH

Dream-Theme The7 <12.8.0.2 - Code Injection

CVE-2025-63062 HIGH

AndonDesign UDesign Core <4.14.0 - Code Injection

CVE-2025-63036 HIGH

DFDevelopment Ronneby Theme Core <1.5.68 - Code Injection

CVE-2025-63003 HIGH

fuelthemes North <1.4.2 - Code Injection

CVE-2025-12851 HIGH

My auctions allegro plugin for WordPress <3.6.32 - Local File Inclu...

CVE-2025-65656 CRITICAL

dcat_admin < 1.7.9 and 2.0.0-2.2.3 - Remote File Inclusion in VersionManager.php

CVE-2025-66115 MEDIUM

MatrixAddons Easy Invoice <2.1.4 - Code Injection

CVE-2025-63888 CRITICAL

ThinkPHP 5.0.24 - Remote Code Execution via Template File Inclusion

CVE-2025-41734 CRITICAL

metz-connect ewio2-m_firmware < 2.2.0 - Unauthenticated Remote File Inclusion

CVE-2025-13088 HIGH

Category and Product Woocommerce Tabs <1.0 - Local File Inclusion

CVE-2025-64714 MEDIUM

PrivateBin 1.7.7-2.0.3 - Unauthenticated Local File Inclusion via Template Cookie

CVE-2025-60574 HIGH

tQuadra CMS 4.2.1117 - Local File Inclusion via Styles Path

CVE-2025-64287 HIGH

Edge-Themes Alloggio - Hotel Booking <1.8 - Code Injection

CVE-2025-62075 HIGH

Ido Kobelkowsky Simple Payment <= 2.4.6 - Code Injection

CVE-2025-62067 HIGH

Savory <= 2.5 - Local File Inclusion

CVE-2025-62066 HIGH

Revolution < 2.5.8 - Local File Inclusion

CVE-2025-62055 HIGH

Elated-Themes Academist <1.3 - Code Injection

CVE-2025-62053 HIGH

Houzez < 4.2.0 - Local File Inclusion

CVE-2025-62045 HIGH

CodexThemes TheGem Theme Elements - Code Injection

CVE-2025-62014 HIGH

ApusTheme ITok <1.1.42 - Code Injection

CVE-2025-62010 HIGH

ApusTheme Famita <= 1.54 - Code Injection

CVE-2025-60248 HIGH

WPC Product Options <1.8.7 - Code Injection

CVE-2025-60241 HIGH

Premmerce <= 1.3.19 - PHP Local File Inclusion

Previous Page 27 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy