Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,114 vulnerabilities with CWE-98

CVE-2026-22499 HIGH

WordPress Lella theme <= 1.2 - Local File Inclusion vulnerability

CVE-2026-22498 HIGH

WordPress Laurent theme <= 3.1 - Local File Inclusion vulnerability

CVE-2026-22496 HIGH

WordPress Hypnotherapy theme <= 1.2.10 - Local File Inclusion vulnerability

CVE-2026-22495 HIGH

WordPress Greenville theme <= 1.3.2 - Local File Inclusion vulnerability

CVE-2026-22494 HIGH

WordPress Good Homes theme <= 1.3.13 - Local File Inclusion vulnerability

CVE-2026-22493 HIGH

WordPress Gaspard theme <= 1.3 - Local File Inclusion vulnerability

CVE-2026-33513 HIGH

AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP)

CVE-2026-33130 MEDIUM

Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)

CVE-2026-22324 HIGH

WordPress Melania theme <= 2.5.0 - Local File Inclusion vulnerability

CVE-2026-27065 CRITICAL

WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion vulnerability

CVE-2026-27093 HIGH

WordPress Tripgo theme < 1.5.6 - Local File Inclusion vulnerability

CVE-2026-29858 HIGH

aaPanel 7.57.0 - Path Traversal

CVE-2026-1463 HIGH

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion

CVE-2026-27894 HIGH

LAM has Authenticated Local File Inclusion (LFI) in PDF export

CVE-2026-32426 HIGH

Medilazar Core <1.4.7 - PHP Local File Inclusion

CVE-2026-32401 HIGH

Sprout Invoices Client Invoicing <=20.8.9 - PHP RFI

CVE-2026-32400 HIGH

Boldman <=7.7 - PHP Local File Inclusion

CVE-2026-32393 HIGH

Greenly Theme Addons <8.2 - PHP Local File Inclusion

CVE-2026-32392 HIGH

Creatives_Planet Greenly <=8.1 - PHP Local File Inclusion

CVE-2026-32384 HIGH

WpBookingly <=1.2.9 - PHP Local File Inclusion

CVE-2026-32369 HIGH

RadiusTheme Medilink-Core <2.0.7 - PHP Local File Inclusion

CVE-2026-32364 HIGH

Turbo Manager <4.0.8 - PHP Local File Inclusion

CVE-2026-3826 CRITICAL

IFTOP - Path Traversal

CVE-2026-28129 HIGH

Little Birdies <=1.3.16 - PHP Local File Inclusion

CVE-2026-28128 HIGH

ThemeREX Verse <=1.7.0 - PHP Local File Inclusion

Previous Page 3 of 45 Next

Details

Vulnerabilities 1,114

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy