Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-49261 HIGH

thembay Diza <1.3.8 - Code Injection

CVE-2025-49260 HIGH

Aora <= 1.3.9 - PHP Local File Inclusion

CVE-2025-49259 HIGH

thembay Hara <= 1.2.10 - PHP Local File Inclusion

CVE-2025-49258 HIGH

thembay Maia <1.1.15 - Code Injection

CVE-2025-49257 HIGH

Zota <= 1.3.8 - PHP Local File Inclusion

CVE-2025-49256 HIGH

thembay Sapa <1.1.14 - Code Injection

CVE-2025-49255 HIGH

thembay Ruza <1.0.7 - Code Injection

CVE-2025-49254 HIGH

thembay Nika <= 1.2.8 - PHP Local File Inclusion

CVE-2025-49253 HIGH

Lasa <= 1.1 - PHP Local File Inclusion

CVE-2025-49252 HIGH

thembay Besa <= 2.3.8 - PHP Local File Inclusion

CVE-2025-49251 HIGH

thembay Fana <1.1.28 - Code Injection

CVE-2025-47572 HIGH

Mojoomla School Management <93.0.0 - Code Injection

CVE-2025-32549 HIGH

Mojoomla WPGYM <65.0 - Code Injection

CVE-2025-29002 HIGH

Simen <= 4.6 - PHP Local File Inclusion

CVE-2025-28991 HIGH

snstheme Evon <3.4 - Code Injection

CVE-2025-24761 HIGH

snstheme DSK < 2.4 - PHP Local File Inclusion

CVE-2025-4200 HIGH

Zagg - Electronics & Accessories WooCommerce WordPress Theme <1.4.1...

CVE-2025-49454 HIGH

LoftOcean TinySalt <3.10.0 - Code Injection

CVE-2025-49282 HIGH

Unfoldwp Magze <1.0.9 - Code Injection

CVE-2025-49281 HIGH

Unfoldwp Magways <1.2.1 - Code Injection

CVE-2025-49280 HIGH

Unfoldwp Magty <1.0.6 - Code Injection

CVE-2025-49279 HIGH

Unfoldwp Blogvy <1.0.7 - Code Injection

CVE-2025-49278 HIGH

Unfoldwp Blogty <1.0.11 - Code Injection

CVE-2025-49277 HIGH

Unfoldwp Blogprise <1.0.9 - Code Injection

CVE-2025-49276 HIGH

Unfoldwp Blogmine <1.1.7 - Code Injection

Previous Page 35 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy