Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-48136 HIGH

Estatik Mortgage Calculator <2.0.12 - Code Injection

CVE-2025-47693 HIGH

FAT Services Booking <5.5 - Code Injection

CVE-2025-39507 HIGH

NasaTheme Nasa Core < 6.4.4 - PHP Local File Inclusion

CVE-2025-47653 HIGH

tggfref WP-Recall <16.26.14 - Code Injection

CVE-2025-47531 HIGH

XT Event Widget for Social Events <= 1.1.7 - PHP Local File Inclusion

CVE-2025-47510 HIGH

Display Eventbrite Events - Code Injection

CVE-2025-47508 HIGH

GamiPress <= 7.3.7 - Local File Inclusion

CVE-2025-47498 HIGH

nicdark Hotel Booking <3.6 - Code Injection

CVE-2025-47496 HIGH

PublishPress Authors <4.7.5 - Code Injection

CVE-2025-47494 HIGH

EventON <= 2.4.1 - PHP Local File Inclusion

CVE-2025-47440 HIGH

WPAdverts <= 2.2.2 - PHP Local File Inclusion

CVE-2025-47439 HIGH

WP Chill Download Monitor <5.0.22 - Code Injection

CVE-2025-2101 HIGH

Edumall theme for WordPress <4.2.4 - Local File Inclusion

CVE-2025-46230 HIGH

GhozyLab Popup Builder <1.1.35 - Code Injection

CVE-2025-39399 HIGH

License For Envato <1.0.0 - Code Injection

CVE-2025-39391 HIGH

zamartz Checkout Field Visibility for WooCommerce <1.2.3 - Code Inj...

CVE-2025-39387 HIGH

WPoperation Opstore <1.4.5 - Code Injection

CVE-2025-39384 HIGH

cedcommerce Product Lister for eBay <2.0.9 - Code Injection

CVE-2025-39383 HIGH

Code Work Web Xews Lite <1.0.9 - RCE

CVE-2025-39379 HIGH

Capturly <= 2.0.1 - PHP Local File Inclusion

CVE-2025-39378 HIGH

Holest Engineering Spreadsheet Price Changer <2.4.37 - Code Injection

CVE-2025-39360 HIGH

everestthemes Grace Mag <1.1.5 - Code Injection

CVE-2025-39359 HIGH

Code Work Web CWW Portfolio <1.3.1 - Code Injection

CVE-2025-32921 HIGH

WPoperation Arrival <1.4.5 - Code Injection

CVE-2025-0632 CRITICAL

Formulatrix Rock Maker Web 3.2.1.1-3.18.3.2 - Local File Inclusion via Render Function

Previous Page 38 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy