Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2024-21687 HIGH

Atlassian Bamboo 9.0.0-9.6.0 - Authenticated Local File Inclusion and Remote Code Execution

CVE-2024-38735 HIGH

N.O.U.S. Open Useful and Simple Event post <5.9.5 - Path Traversal

CVE-2024-37520 MEDIUM

RadiusTheme ShopBuilder < 2.1.12 - Local File Inclusion

CVE-2024-37410 MEDIUM

PowerPack Lite for Beaver Builder <= 1.3.0.3 - Local File Inclusion

CVE-2024-37479 HIGH

LA-Studio Element Kit for Elementor <= 1.3.8.1 - Local File Inclusion via Progress Bar Widget Progress Type Attribute

CVE-2024-5431 HIGH

WPCafe < 2.2.25 - Authenticated Local File Inclusion via reservation_extra_field Shortcode Parameter

CVE-2024-5455 HIGH

Plus Addons for Elementor Page Builder <5.5.4 - Code Injection

CVE-2024-5503 HIGH

WP Blog Post Layouts <1.1.3 - Code Injection

CVE-2024-5574 HIGH

WP Magazine Modules Lite - Local File Inclusion

CVE-2024-4551 MEDIUM

YotuWP <1.3.13 - Local File Inclusion

CVE-2024-4258 CRITICAL

YotuWP <1.3.13 - Local File Inclusion

CVE-2024-3813 HIGH

tagDiv Composer < 4.8 - Authenticated Local File Inclusion via block_template_id Attribute

CVE-2024-5577 CRITICAL

Where I Was, Where I Will Be <1.1.1 - RCE

CVE-2024-4936 CRITICAL

Canto < 3.0.9 - Unauthenticated Remote File Inclusion via abspath Parameter

CVE-2024-36415 CRITICAL

SuiteCRM < 7.14.4 - Remote Code Execution via Unrestricted File Upload

CVE-2024-35650 MEDIUM

MelaPress Login Security <= 1.3.0 - Remote File Inclusion

CVE-2024-4887 HIGH

Qi Addons For Elementor <1.7.2 - RCE

CVE-2024-35629 CRITICAL

Wow-Company Easy Digital Downloads - Recent Purchases <1.0.2 - Code...

CVE-2024-36569 HIGH

Sourcecodester Gas Agency Management System v1.0 - RCE

CVE-2024-5348 HIGH

Elements For Elementor <2.1 - Local File Inclusion

CVE-2024-3564 HIGH

Content Blocks (Custom Post Widget) <3.3.0 - Code Injection

CVE-2024-5345 HIGH

Responsive Owl Carousel for Elementor <1.2.0 - Code Injection

CVE-2024-3812 HIGH

Salient Core <2.0.7 - Local File Inclusion

CVE-2024-3810 HIGH

Salient Shortcodes <1.5.3 - Code Injection

CVE-2024-32523 HIGH

EverPress Mailster <4.0.6 - Path Traversal

Previous Page 46 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy