Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,114 vulnerabilities with CWE-98

CVE-2026-28015 HIGH

ThemeREX ShiftCV <=3.0.14 - PHP Local File Inclusion

CVE-2026-28014 HIGH

ThemeREX Translogic <=1.2.11 - PHP RFI

CVE-2026-28013 HIGH

ThemeREX Kratz <=1.0.12 - PHP Local File Inclusion

CVE-2026-28012 HIGH

ThemeREX Gridiron <=1.0.14 - PHP Local File Inclusion

CVE-2026-28011 HIGH

ThemeREX Yottis <=1.0.10 - PHP Local File Inclusion

CVE-2026-28010 HIGH

ThemeREX Scientia <=1.2.4 - PHP Local File Inclusion

CVE-2026-28009 HIGH

ThemeREX DroneX <=1.1.12 - PHP Local File Inclusion

CVE-2026-28007 HIGH

ThemeREX Coinpress <=1.0.14 - PHP RFI

CVE-2026-28006 HIGH

ThemeREX Yungen <=1.0.12 - PHP Local File Inclusion

CVE-2026-27998 HIGH

ThemeREX Vixus <=1.0.16 - PHP Local File Inclusion

CVE-2026-27997 HIGH

ThemeREX Maxify <=1.0.16 - PHP Local File Inclusion

CVE-2026-27996 HIGH

ThemeREX Lingvico <=1.0.14 - PHP Local File Inclusion

CVE-2026-27995 HIGH

ThemeREX Justitia <=1.1.0 - PHP Local File Inclusion

CVE-2026-27994 HIGH

ThemeREX Tediss <=1.2.4 - PHP Local File Inclusion

CVE-2026-27993 HIGH

ThemeREX Aldo <=1.0.10 - PHP Local File Inclusion

CVE-2026-27992 HIGH

ThemeREX Meals & Wheels <=1.1.12 - PHP LFI

CVE-2026-27991 HIGH

ThemeREX Avventure <=1.1.12 - PHP Local File Inclusion

CVE-2026-27990 HIGH

ThemeREX ConFix <=1.013 - PHP Local File Inclusion

CVE-2026-27989 HIGH

ThemeREX Quanzo <=1.0.10 - PHP Local File Inclusion

CVE-2026-27988 HIGH

ThemeREX Equadio <=1.1.3 - PHP RFI

CVE-2026-27987 HIGH

The Qlean <=2.12 - PHP Local File Inclusion

CVE-2026-27986 HIGH

ThemeREX OsTende <=1.4.3 - PHP Local File Inclusion

CVE-2026-27985 HIGH

ThemeREX Humanum <=1.1.4 - PHP Local File Inclusion

CVE-2026-27383 HIGH

RadiusTheme Metro <=2.13 - PHP Local File Inclusion

CVE-2026-27381 HIGH

Thembay Aora <=1.3.15 - PHP Local File Inclusion

Previous Page 7 of 45 Next

Details

Vulnerabilities 1,114

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy