CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98
CVE-2025-53259 HIGH
nicdark Hotel Booking <3.7 - Code Injection
CVSS 7.5
CVE-2025-53257 HIGH
Gmedia Photo Gallery <1.23.0 - Code Injection
CVSS 7.5
CVE-2025-52816 HIGH
themehunk Zita <= 1.6.5 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-52815 HIGH
AncoraThemes CityGov <1.9 - Code Injection
CVSS 8.1
CVE-2025-52814 HIGH
ovatheme BRW <1.7.9 - Code Injection
CVSS 8.1
CVE-2025-52812 HIGH
ApusWP Domnoo <1.49 - Code Injection
CVSS 8.1
CVE-2025-52809 HIGH
National Weather Service Alerts <1.3.5 - Code Injection
CVSS 8.1
CVE-2025-52808 HIGH
RealtyElite <1.0.0 - Code Injection
CVSS 8.1
CVE-2025-52729 HIGH
Diza <= 1.3.9 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-52723 HIGH
codesupplyco Networker <1.2.0 - Code Injection
CVSS 8.1
CVE-2025-49886 HIGH
WebGeniusLab Zikzag Core <1.4.5 - Code Injection
CVSS 8.1
CVE-2025-49883 HIGH
Greenmart <= 4.2.3 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-49416 HIGH
FW Gallery <= 8.0.0 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-32298 HIGH
Case-Themes CTUsers <1.0.0 - Code Injection
CVSS 7.5
CVE-2025-30992 HIGH
Puca <= 2.6.33 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-28998 HIGH
SERPed.net <= 4.6 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-28990 HIGH
SNS Vicky <= 3.7 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-28947 HIGH
snstheme MBStore <2.3 - Code Injection
CVSS 8.1
CVE-2025-28946 HIGH
BZOTheme PrintXtore <1.7.5 - Code Injection
CVSS 8.1
CVE-2025-24769 HIGH
BZOTheme Zenny <1.7.5 - Code Injection
CVSS 8.1
CVE-2025-24760 HIGH
goalthemes Sofass <1.3.4 - Code Injection
CVSS 8.1
CVE-2025-52562 CRITICAL
ConvoyPanel 3.9.0-rc.3-4.4.0 - Path Traversal & PHP Execution via Locale/Namespace
CVSS 10.0
CVE-2025-52715 HIGH
RadiusTheme Classified Listing <4.2.0 - Code Injection
CVSS 7.5
CVE-2025-52708 HIGH
RealMag777 HUSKY <1.3.7 - Code Injection
CVSS 7.5
CVE-2025-49508 HIGH
LoftOcean CozyStay - Info Disclosure
CVSS 8.1
Details
Vulnerabilities 1,228
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits