Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2022-41547 HIGH

Mobile Security Framework (MobSF) <0.9.2 - LFI

CVE-2022-40089 CRITICAL

Simple College Website 1.0 - Remote File Inclusion via PHP File Upload

CVE-2021-47978 MEDIUM

ProcessMaker 3.5.4 Local File Inclusion via Path Traversal

CVE-2021-47900 CRITICAL

Gila CMS < 2.0.0 - Unauthenticated Remote Code Execution via User-Agent Header Injection

CVE-2021-47734 HIGH

CMSimple 5.4 - Authenticated Local File Inclusion and Remote Code Execution via Session File Manipulation

CVE-2021-29113 MEDIUM

ArcGIS Server < 10.9.0 - Unauthenticated Remote File Inclusion in Help Documentation

CVE-2021-22968 HIGH

Concrete CMS < 8.5.7 - Authenticated Remote Code Execution via File Upload Bypass

CVE-2021-21804 CRITICAL

Advantech R-SeeNet <2.4.12 - Code Injection

CVE-2020-37246 MEDIUM

WordPress Plugin Supsystic Backup 2.3.9 Local File Inclusion

CVE-2020-37169 MEDIUM

WordPress Plugin ultimate-member 2.1.3 Local File Inclusion

CVE-2020-13175 HIGH

Teradici Cloud Access Connector < v15 - Local File Inclusion

CVE-2020-5295 MEDIUM

OctoberCMS <1.0.466 - Info Disclosure

CVE-2019-5479 HIGH

larvitbase-api < v0.5.5 - Info Disclosure

CVE-2018-25329 HIGH

WordPress Plugin WP with Spritz 1.0 Remote File Inclusion

CVE-2018-25324 MEDIUM

Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath

CVE-2018-25231 MEDIUM

HeidiSQL 9.5.0.5196 Denial of Service via Preferences

CVE-2017-14095 HIGH

Trend Micro Smart Protection Server <3.2 - RCE

CVE-2016-20082 MEDIUM

WordPress Plugin Abtest Local File Inclusion via abtest_admin.php

CVE-2016-20080 MEDIUM

WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php

CVE-2016-20079 MEDIUM

WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php

CVE-2016-20078 MEDIUM

WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php

CVE-2016-20077 MEDIUM

WordPress Plugin Photocart Link 1.6 Local File Inclusion via decode.php

CVE-2016-20064 MEDIUM

WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

CVE-2016-6565 HIGH

Imagely NextGen Gallery <2.1.57 - Info Disclosure

CVE-2015-10133 HIGH

Subscribe to Comments for WordPress <=2.1.2 - Local File Inclusion

Previous Page 49 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy