Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-46454 HIGH

svil4ok Meta Keywords & Description <0.9 - Code Injection

CVE-2025-46444 HIGH

scripteo Ads Pro Plugin <4.88 - Code Injection

CVE-2025-39506 HIGH

Nasa Core <= 6.3.2 - PHP Local File Inclusion

CVE-2025-39494 HIGH

Qodeinteractive Wilmer < 3.4.2 - Remote File Inclusion

CVE-2025-39490 HIGH

Backpack Traveler <= 2.10.2 - PHP Local File Inclusion

CVE-2025-32309 HIGH

ThemeMove Healsoul <= 2.2.3 - PHP Local File Inclusion

CVE-2025-32302 HIGH

gavias Winnex <= 1.3.2 - PHP Local File Inclusion

CVE-2025-32294 HIGH

gavias Oxpitan <1.3.1 - Code Injection

CVE-2025-32289 HIGH

ApusTheme Yozi <2.0.52 - Code Injection

CVE-2025-32286 HIGH

ApusTheme Butcher <2.40 - Code Injection

CVE-2025-31913 HIGH

ApusTheme Ogami <1.53 - Code Injection

CVE-2025-31912 HIGH

gavias Enzio <1.1.8 - Code Injection

CVE-2025-31633 HIGH

gavias Kiamo - Responsive Business Service WordPress Theme <1.3.3 -...

CVE-2025-31632 HIGH

SpyroPress La Boom <2.7 - Code Injection

CVE-2025-31064 HIGH

gavias Vizeon - Business Consulting <1.1.7 - Code Injection

CVE-2025-31060 HIGH

ApusTheme Capie <1.0.40 - Code Injection

CVE-2025-25539 MEDIUM

OneSpan Vasco Self-Service Portal < 3.14 - Local File Inclusion via Help Menu

CVE-2025-32925 HIGH

SUMO Reward Points <= 30.7.0 - PHP Local File Inclusion

CVE-2025-39458 HIGH

Foton <= 2.5.2 - PHP Local File Inclusion

CVE-2025-39411 HIGH

Indie_Plugins WhatsApp Click to Chat Plugin <2.2.12 - Code Injection

CVE-2025-39406 CRITICAL

mojoomla WPAMS <44.0 - Code Injection

CVE-2025-39396 HIGH

Crocoblock JetReviews <2.3.6 - Code Injection

CVE-2025-26735 HIGH

Grip < 1.0.9 - Local File Inclusion

CVE-2025-47576 HIGH

Bringthepixel Bimber - Viral Magazine <9.2.5 - Code Injection

CVE-2025-39364 HIGH

PluginEver Product Category Slider <4.3.4 - Code Injection

Previous Page 37 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy