Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,114 vulnerabilities with CWE-98

CVE-2026-28079 HIGH

Conquerors <=1.2.13 - PHP Local File Inclusion

CVE-2026-28077 HIGH

ThemeREX Vapester <=1.1.10 - PHP Local File Inclusion

CVE-2026-28069 HIGH

ThemeREX Le Truffe <=1.1.7 - PHP Local File Inclusion

CVE-2026-28068 HIGH

ThemeREX Rhythmo <=1.3.4 - PHP Local File Inclusion

CVE-2026-28067 HIGH

ThemeREX Bassein <=1.0.15 - PHP Local File Inclusion

CVE-2026-28066 HIGH

ThemeREX Legrand <=2.17 - PHP Local File Inclusion

CVE-2026-28065 HIGH

ThemeREX Eject <=2.17 - PHP Local File Inclusion

CVE-2026-28064 HIGH

ThemeREX Edge Decor <=2.2 - PHP Local File Inclusion

CVE-2026-28063 HIGH

ThemeREX Asia Garden <=1.3.1 - PHP RFI

CVE-2026-28062 HIGH

ThemeREX Happy Baby <=1.2.12 - PHP Local File Inclusion

CVE-2026-28061 HIGH

ThemeREX Tiger Claw <=1.1.14 - PHP Local File Inclusion

CVE-2026-28060 HIGH

ThemeREX S.King stephanie-king <=1.5.3 - PHP Local File Inclusion

CVE-2026-28059 HIGH

ThemeREX Dermatology Clinic <=1.4.3 - PHP RFI

CVE-2026-28058 HIGH

ThemeREX Dixon <=1.4.2.1 - PHP Local File Inclusion

CVE-2026-28057 HIGH

ThemeREX Mandala <=2.8 - PHP Local File Inclusion

CVE-2026-28056 HIGH

MCKinney's Politics <=1.2.8 - PHP Local File Inclusion

CVE-2026-28055 HIGH

ThemeREX M.Williamson <=1.2.11 - PHP RFI

CVE-2026-28054 HIGH

ThemeREX Legal Stone <=1.2.11 - PHP Local File Inclusion

CVE-2026-28053 HIGH

ThemeREX Miller <=1.3.3 - PHP Local File Inclusion

CVE-2026-28052 HIGH

ThemeREX Peter Mason <=1.4.5 - PHP RFI

CVE-2026-28051 HIGH

ThemeREX Yacht Rental <=2.6 - PHP Local File Inclusion

CVE-2026-28050 HIGH

ThemeREX Beacon <=2.24 - PHP Local File Inclusion

CVE-2026-28049 HIGH

ThemeREX Police Department <=2.17 - PHP RFI

CVE-2026-28048 HIGH

FlashMart <=2.0.15 - PHP Local File Inclusion

CVE-2026-28047 HIGH

Victo <=1.4.16 - PHP Local File Inclusion

Previous Page 5 of 45 Next

Details

Vulnerabilities 1,114

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy