Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2024-10571 CRITICAL

Chartify - WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via Source Parameter

CVE-2024-10871 CRITICAL

Category Ajax Filter <2.8.2 - Local File Inclusion

CVE-2024-10436 HIGH

WPC Smart Messages for WooCommerce <4.2.1 - Local File Inclusion

CVE-2024-50457 HIGH

Qode Essential Addons <= 1.6.3 - Local File Inclusion

CVE-2024-50436 HIGH

Clean Retina <= 3.0.6 - Local File Inclusion

CVE-2024-50435 HIGH

Meta News <= 1.1.7 - Local File Inclusion

CVE-2024-50434 HIGH

NewsCard <= 1.3 - Local File Inclusion

CVE-2024-50497 HIGH

BuyNowDepot Advanced Online Ordering & Delivery - Code Injection

CVE-2024-8392 HIGH

WordPress Post Grid Layouts - Local File Inclusion

CVE-2024-49701 HIGH

Theme Horse Mags <1.1.6 - Code Injection

CVE-2024-49690 HIGH

Qode Interactive Qi Blocks <1.3.2 - Code Injection

CVE-2024-49243 HIGH

Jon Vincent Mendoza Dynamic Elementor Addons <1.0.0 - Code Injection

CVE-2024-49317 HIGH

ZIPANG Point Maker <0.1.4 - Code Injection

CVE-2024-49251 HIGH

Maan Addons For Elementor <1.0.1 - Local Code Inclusion

CVE-2024-48029 HIGH

Hung Trang Si SB Random Posts Widget <1.0 - Code Injection

CVE-2024-9981 HIGH

FormosaSoft ee-class - PHP File Upload Inclusion Code Execution

CVE-2024-47323 HIGH

Ex-Themes WP Timeline - Path Traversal

CVE-2024-44023 HIGH

ABCApp Creator <1.1.2 - Path Traversal

CVE-2024-41925 CRITICAL

ONS-S8 - Spectra Aggregation Switch < unknown - Path Traversal, RCE

CVE-2024-44048 MEDIUM

wpWax Product Carousel Slider & Grid Ultimate - Path Traversal

CVE-2024-8252 HIGH

Clean Login <1.14.5 - Code Injection

CVE-2024-5762 HIGH

Zen Cart - Unauthenticated Local File Inclusion and Remote Code Execution via findPluginAdminPage

CVE-2024-43261 CRITICAL

Compute Links <1.2.1 - Code Injection

CVE-2024-4359 MEDIUM

Elementor Addons <5.7.2 - Info Disclosure

CVE-2024-6589 HIGH

LearnPress - WordPress LMS Plugin <4.2.6.8.2 - Local File Inclusion

Previous Page 45 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy