Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2024-27971 HIGH

Premmerce Permalink Manager <2.3.10 - Path Traversal

CVE-2024-3551 CRITICAL

Penci Soledad Data Migrator <1.3.0 - Local File Inclusion

CVE-2024-4670 HIGH

All-in-One Video Gallery <3.6.5 - Code Injection

CVE-2024-33863 CRITICAL

linqi < 1.4.0.1 - Local File Inclusion via /api/Cdn/GetFile

CVE-2024-4441 HIGH

WordPress XML Sitemap & Google News <5.4.8 - Local File Inclusion

CVE-2024-3809 HIGH

Porto Theme - Functionality <3.0.9 - Local File Inclusion

CVE-2024-3808 HIGH

Porto Theme - Functionality <3.1.0 - Code Injection

CVE-2024-3807 HIGH

Porto theme <7.1.0 - Code Injection

CVE-2024-3806 CRITICAL

Porto theme for WordPress <7.1.0 - Local File Inclusion

CVE-2024-31459 HIGH

Cacti < 1.2.27 - Remote Code Execution via Plugin Hook File Inclusion

CVE-2024-34314 MEDIUM

CmsEasy 7.7.7.9 - Local File Inclusion via fetch_action Method

CVE-2024-3849 HIGH

Click to Chat - HoliThemes <3.35 - Local File Inclusion

CVE-2024-3500 HIGH

ElementsKit Pro <3.6.0 - Code Injection

CVE-2024-3499 HIGH

ElementsKit Elementor Addons <3.1.0 - Local File Inclusion

CVE-2024-1600 CRITICAL

lollms_web_ui 9.0-9.6 - Local File Inclusion via Personalities Route

CVE-2024-3136 CRITICAL

MasterStudy LMS <3.3.3 - Local File Inclusion

CVE-2024-30849 CRITICAL

Sourcecodester Complete E-Commerce Site 1.0 - Remote Code Execution via Admin Products Photo Upload

CVE-2024-2047 HIGH

ElementsKit Elementor Addons <3.0.6 - Local File Inclusion

CVE-2024-3061 HIGH

HUSKY - Products Filter Professional for WooCommerce <1.3.5.2 - Cod...

CVE-2024-2411 CRITICAL

MasterStudy LMS <3.3.0 - Local File Inclusion

CVE-2024-1382 HIGH

Restaurant Reservations < 1.9 - Authenticated Local File Inclusion via nd_rst_layout Shortcode Attribute

CVE-2024-0315 MEDIUM

FireEye Central Management 9.1.1.956704 - Remote File Inclusion via Report Creation PDF Upload

CVE-2023-25998 HIGH

Samex - Clean, Minimal Shop WooCommerce WordPress Theme <2.6 - Code...

CVE-2023-26005 HIGH

BZOTheme Fitrush <1.3.4 - Code Injection

CVE-2023-25999 HIGH

BodyCenter - Gym, Fitness WooCommerce WordPress Theme <2.4 - Code I...

Previous Page 47 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy