Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,149 vulnerabilities with CWE-98

CVE-2026-28098 HIGH

ThemeREX Save Life <=1.2.13 - PHP LFI

CVE-2026-28097 HIGH

ThemeREX Artrium <=1.0.14 - PHP Local File Inclusion

CVE-2026-28096 HIGH

ThemeREX WealthCo <=2.18 - PHP Local File Inclusion

CVE-2026-28095 HIGH

ThemeREX Marcell <=1.2.14 - PHP Local File Inclusion

CVE-2026-28094 HIGH

ThemeREX RexCoin <=1.2.6 - PHP Local File Inclusion

CVE-2026-28093 HIGH

ThemeREX Ozisti <=1.1.10 - PHP Local File Inclusion

CVE-2026-28092 HIGH

ThemeREX Sounder <=1.3.11 - PHP Local File Inclusion

CVE-2026-28091 HIGH

ThemeREX Coleo <=1.1.7 - PHP Local File Inclusion

CVE-2026-28090 HIGH

ThemeREX Gamezone <=1.1.11 - PHP Local File Inclusion

CVE-2026-28089 HIGH

ThemeREX Daiquiri <=1.2.4 - PHP Local File Inclusion

CVE-2026-28088 HIGH

ThemeREX Aqualots <=1.1.6 - PHP Local File Inclusion

CVE-2026-28087 HIGH

ThemeREX Filmax <=1.1.11 - PHP Local File Inclusion

CVE-2026-28086 HIGH

ThemeREX Run Gran <=2.0 - PHP Local File Inclusion

CVE-2026-28085 HIGH

ThemeREX Mahogany <=2.9 - PHP Local File Inclusion

CVE-2026-28084 HIGH

ThemeREX Bazinga <=1.1.9 - PHP Local File Inclusion

CVE-2026-28081 HIGH

ThemeREX Windsor <=2.5.0 - PHP Local File Inclusion

CVE-2026-28079 HIGH

Conquerors <=1.2.13 - PHP Local File Inclusion

CVE-2026-28077 HIGH

ThemeREX Vapester <=1.1.10 - PHP Local File Inclusion

CVE-2026-28069 HIGH

ThemeREX Le Truffe <=1.1.7 - PHP Local File Inclusion

CVE-2026-28068 HIGH

ThemeREX Rhythmo <=1.3.4 - PHP Local File Inclusion

CVE-2026-28067 HIGH

ThemeREX Bassein <=1.0.15 - PHP Local File Inclusion

CVE-2026-28066 HIGH

ThemeREX Legrand <=2.17 - PHP Local File Inclusion

CVE-2026-28065 HIGH

ThemeREX Eject <=2.17 - PHP Local File Inclusion

CVE-2026-28064 HIGH

ThemeREX Edge Decor <=2.2 - PHP Local File Inclusion

CVE-2026-28063 HIGH

ThemeREX Asia Garden <=1.3.1 - PHP RFI

Previous Page 5 of 46 Next

Details

Vulnerabilities 1,149

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy