Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,149 vulnerabilities with CWE-98

CVE-2026-28062 HIGH

ThemeREX Happy Baby <=1.2.12 - PHP Local File Inclusion

CVE-2026-28061 HIGH

ThemeREX Tiger Claw <=1.1.14 - PHP Local File Inclusion

CVE-2026-28060 HIGH

ThemeREX S.King stephanie-king <=1.5.3 - PHP Local File Inclusion

CVE-2026-28059 HIGH

ThemeREX Dermatology Clinic <=1.4.3 - PHP RFI

CVE-2026-28058 HIGH

ThemeREX Dixon <=1.4.2.1 - PHP Local File Inclusion

CVE-2026-28057 HIGH

ThemeREX Mandala <=2.8 - PHP Local File Inclusion

CVE-2026-28056 HIGH

MCKinney's Politics <=1.2.8 - PHP Local File Inclusion

CVE-2026-28055 HIGH

ThemeREX M.Williamson <=1.2.11 - PHP RFI

CVE-2026-28054 HIGH

ThemeREX Legal Stone <=1.2.11 - PHP Local File Inclusion

CVE-2026-28053 HIGH

ThemeREX Miller <=1.3.3 - PHP Local File Inclusion

CVE-2026-28052 HIGH

ThemeREX Peter Mason <=1.4.5 - PHP RFI

CVE-2026-28051 HIGH

ThemeREX Yacht Rental <=2.6 - PHP Local File Inclusion

CVE-2026-28050 HIGH

ThemeREX Beacon <=2.24 - PHP Local File Inclusion

CVE-2026-28049 HIGH

ThemeREX Police Department <=2.17 - PHP RFI

CVE-2026-28048 HIGH

FlashMart <=2.0.15 - PHP Local File Inclusion

CVE-2026-28047 HIGH

Victo <=1.4.16 - PHP Local File Inclusion

CVE-2026-28046 HIGH

ThemeREX Law Office <=3.3.0 - PHP RFI

CVE-2026-28045 HIGH

ThemeREX N7 Golf Club <=2.16.0 - PHP RFI

CVE-2026-28043 CRITICAL

ThemeREX Healer <=1.0.0 - PHP Local File Inclusion

CVE-2026-28041 HIGH

AncoraThemes Grit <=1.0.1 - PHP Local File Inclusion

CVE-2026-28039 HIGH

wpDataTables <=6.5.0.1 - PHP Local File Inclusion

CVE-2026-28035 HIGH

ThemeREX Printy <=1.8 - PHP Local File Inclusion

CVE-2026-28034 HIGH

ThemeREX Progress <=1.2 - PHP Local File Inclusion

CVE-2026-28033 HIGH

ThemeREX Edifice <=1.8 - PHP Local File Inclusion

CVE-2026-28032 HIGH

ThemeREX Tuning <=1.3 - PHP Local File Inclusion

Previous Page 6 of 46 Next

Details

Vulnerabilities 1,149

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy