Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-1771 CRITICAL

Traveler theme for WordPress <3.1.8 - Local File Inclusion

CVE-2025-1707 HIGH

Review Schema <2.2.4 - Local File Inclusion

CVE-2025-26933 HIGH

Nitin Prakash WC Place Order Without Payment <2.6.7 - Code Injection

CVE-2025-26916 CRITICAL

EPC Massive Dynamic <8.2 - Code Injection

CVE-2025-27264 HIGH

NotFound Doctor Appointment Booking <1.0.0 - Code Injection

CVE-2025-25109 HIGH

WP Vehicle Manager <3.1 - Code Injection

CVE-2025-23945 HIGH

Popliup <= 1.1.1 - PHP Local File Inclusion

CVE-2025-26985 HIGH

Majestic Support <1.0.6 - Code Injection

CVE-2025-26979 HIGH

FunnelKit Funnel Builder <3.9.0 - Code Injection

CVE-2025-26964 HIGH

Eventin <= 4.0.20 - PHP Local File Inclusion

CVE-2025-26957 HIGH

Deetronix Affiliate Coupons <1.7.3 - Code Injection

CVE-2025-26932 HIGH

QuantumCloud ChatBot <6.3.5 - Code Injection

CVE-2025-27272 HIGH

VG PostCarousel <1.1 - Code Injection

CVE-2025-26760 HIGH

Wow-Company Calculator Builder <1.6.2 - Code Injection

CVE-2025-26757 HIGH

FULL SERVICES FULL - Code Injection

CVE-2025-22656 HIGH

Oscar Alvarez Cookie Monster <1.2.2 - Code Injection

CVE-2025-25141 HIGH

zankover Fami Sales Popup <2.0.0 - Code Injection

CVE-2025-0366 HIGH

Jupiter X Core < 4.8.8 - Authenticated Local File Inclusion to Remote Code Execution via get_svg() Function

CVE-2025-24782 MEDIUM

Post Grid, Slider & Carousel Ultimate <= 1.6.10 - PHP Local File Inclusion

CVE-2025-0682 HIGH

ThemeREX Addons <2.33.0 - Code Injection

CVE-2025-24733 MEDIUM

AddonMaster Post Grid Master <3.4.12 - Code Injection

CVE-2025-23949 HIGH

Mihajlovic Nenad Improved Sale Badges - Free Version <1.0.1 - Code ...

CVE-2025-23948 HIGH

WebArea Background <2.1.5 - Code Injection

CVE-2025-23938 HIGH

NotFound Image Gallery Box <1.0.3 - Code Injection

CVE-2025-22311 HIGH

Private Messages for UserPro <= 4.10.0 - Local File Inclusion

Previous Page 42 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy