Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-23915 HIGH

Roninwp FAT Event Lite - Code Injection

CVE-2025-22508 HIGH

Roninwp FAT Event Lite - Code Injection

CVE-2025-22145 MEDIUM

Carbon <3.8.4, <2.72.6 - Code Injection

CVE-2025-22364 HIGH

Service Shogun Ach Invoice App <1.0.1 - Code Injection

CVE-2025-22305 MEDIUM

Hero Banner Ultimate <= 1.4.4 - PHP Local File Inclusion

CVE-2024-54263 HIGH

Talemy Spirit Framework <1.2.13 - Code Injection

CVE-2024-58302 MEDIUM

FoF Pretty Mail 1.1.2 - Local File Inclusion

CVE-2024-14002 MEDIUM

Nagios XI < 2024R1.1.4 - Authenticated Local File Inclusion via NagVis Integration

CVE-2024-8393 MEDIUM

Woolook <1.7.0 - Local File Inclusion

CVE-2024-40112 MEDIUM

Sitecom WLX-2006 Firmware < 1.5 - Local File Inclusion via Language Cookie

CVE-2024-13790 CRITICAL

MinimogWP < 3.7.0 - Unauthenticated Local File Inclusion via Template Parameter

CVE-2024-12563 HIGH

s2Member Pro - Local File Inclusion

CVE-2024-51319 HIGH

Zucchetti Ad Hoc Infinity 2.4 - Authenticated Remote Code Execution via Local File Include in Report Servlet

CVE-2024-9193 CRITICAL

WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion

CVE-2024-12811 HIGH

Traveler Theme <3.1.8 - Authenticated RCE

CVE-2024-13353 HIGH

Responsive Addons for Elementor <1.6.4 - Local File Inclusion

CVE-2024-13592 HIGH

Team Builder For WPBakery Page Builder <= 1.0 - Authenticated Local File Inclusion via 'team-builder-vc' Shortcode

CVE-2024-12859 HIGH

BoomBox Theme Extensions <1.8.0 - Code Injection

CVE-2024-45077 MEDIUM

IBM Maximo Asset Management 7.6.1.3 - Unrestricted File Upload

CVE-2024-13408 HIGH

Post Grid, Slider & Carousel Ultimate <1.6.10 - Local File Inclusion

CVE-2024-13593 HIGH

BMLT Meeting Map <= 2.6.0 - Authenticated Local File Inclusion via Shortcode

CVE-2024-53800 HIGH

rezgo Rezgo < 4.17 - Local File Inclusion

CVE-2024-56282 HIGH

Elicus WPMozo Addons Lite - Code Injection

CVE-2024-56281 HIGH

CodeMShop SimplePay <5.2.0 - PHP Local File Inclusion

CVE-2024-49649 CRITICAL

Abdul Hakeem Build App Online <1.0.23 - Code Injection

Previous Page 43 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy