Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-39526 HIGH

nicdark Hotel Booking <3.6 - Code Injection

CVE-2025-39462 HIGH

teamzt Smart Agreements <1.0.3 - Code Injection

CVE-2025-39461 HIGH

Nawawi Jamili Docket Cache <24.07.02 - Code Injection

CVE-2025-39452 HIGH

Themewinter WPCafe <2.2.32 - Code Injection

CVE-2025-39429 HIGH

Széchenyi 2020 Logo <1.1 - PHP Local File Inclusion

CVE-2025-31030 HIGH

Ray Enterprise Translation <1.7.0 - Code Injection

CVE-2025-31340 CRITICAL

Wisdom Master Pro 5.0-5.2 - Remote Code Execution via Course Information Retrieval

CVE-2025-39592 HIGH

WP Shuffle Subscribe to Unlock Lite <1.3.0 - Code Injection

CVE-2025-39584 HIGH

Eventin <= 4.0.25 - PHP Local File Inclusion

CVE-2025-39570 HIGH

Lomu WPCOM Member <1.7.7 - Code Injection

CVE-2025-27011 HIGH

Booking and Rental Manager <2.2.8 - Code Injection

CVE-2025-26894 HIGH

NotFound Coming Soon, Maintenance Mode <1.1.1 - Code Injection

CVE-2025-26889 HIGH

hockeydata LOS <1.2.4 - Code Injection

CVE-2025-32672 HIGH

g5theme Ultimate Bootstrap Elements for Elementor <1.4.9 - Code Inj...

CVE-2025-32663 HIGH

FAT Cooming Soon <= 1.1 - PHP Local File Inclusion

CVE-2025-32656 HIGH

NotFound Testimonial Slider And Showcase Pro <2.3.15 - Code Injection

CVE-2025-32654 HIGH

Stylemix Motors <1.4.65 - Code Injection

CVE-2025-32627 HIGH

JoomSky JS Job Manager <= 2.0.2 - PHP Local File Inclusion

CVE-2025-32614 HIGH

EventON <= 2.4 - PHP Local File Inclusion

CVE-2025-32589 HIGH

odude Flexi - Guest Submit <4.28 - Code Injection

CVE-2025-32577 CRITICAL

hakeemnala Build App Online <1.0.23 - Code Injection

CVE-2025-32519 HIGH

IDonate <= 2.1.18 - PHP Local File Inclusion

CVE-2025-31040 HIGH

NotFound WP Food ordering and Restaurant Menu <1.1 - Code Injection

CVE-2025-31015 HIGH

Adrian Tobey WordPress SMTP Service - Code Injection

CVE-2025-31014 HIGH

Material Dashboard <1.4.5 - Code Injection

Previous Page 39 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy