Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,149 vulnerabilities with CWE-98

CVE-2026-28031 HIGH

ThemeREX Invetex <=2.18 - PHP Local File Inclusion

CVE-2026-28030 HIGH

ThemeREX Bonbon <=1.6 - PHP Local File Inclusion

CVE-2026-28029 HIGH

ThemeREX EmojiNation <=1.0.12 - PHP RFI

CVE-2026-28028 HIGH

ThemeREX MoneyFlow <=1.0 - PHP Local File Inclusion

CVE-2026-28027 HIGH

ThemeREX Kayon <=1.3 - PHP Local File Inclusion

CVE-2026-28026 HIGH

ThemeREX Motorix <=1.6 - PHP Local File Inclusion

CVE-2026-28025 HIGH

ThemeREX Stargaze <=1.5 - PHP Local File Inclusion

CVE-2026-28024 HIGH

Helion <=1.1.12 - PHP Local File Inclusion

CVE-2026-28023 HIGH

ThemeREX Nuts <=1.10 - PHP Local File Inclusion

CVE-2026-28022 HIGH

ThemeREX Foodie <=1.14 - PHP Local File Inclusion

CVE-2026-28021 HIGH

ThemeREX Craftis <=1.2.8 - PHP Local File Inclusion

CVE-2026-28020 HIGH

ThemeREX Chroma <=1.11 - PHP Local File Inclusion

CVE-2026-28019 HIGH

ThemeREX Manoir <=1.11 - PHP Local File Inclusion

CVE-2026-28018 HIGH

ThemeREX Global Logistics <=3.20 - PHP RFI

CVE-2026-28017 HIGH

ThemeREX Green Thumb <=1.1.12 - PHP Local File Inclusion

CVE-2026-28016 HIGH

ThemeREX Luxury Wine <=1.1.14 - PHP RFI

CVE-2026-28015 HIGH

ThemeREX ShiftCV <=3.0.14 - PHP Local File Inclusion

CVE-2026-28014 HIGH

ThemeREX Translogic <=1.2.11 - PHP RFI

CVE-2026-28013 HIGH

ThemeREX Kratz <=1.0.12 - PHP Local File Inclusion

CVE-2026-28012 HIGH

ThemeREX Gridiron <=1.0.14 - PHP Local File Inclusion

CVE-2026-28011 HIGH

ThemeREX Yottis <=1.0.10 - PHP Local File Inclusion

CVE-2026-28010 HIGH

ThemeREX Scientia <=1.2.4 - PHP Local File Inclusion

CVE-2026-28009 HIGH

ThemeREX DroneX <=1.1.12 - PHP Local File Inclusion

CVE-2026-28007 HIGH

ThemeREX Coinpress <=1.0.14 - PHP RFI

CVE-2026-28006 HIGH

ThemeREX Yungen <=1.0.12 - PHP Local File Inclusion

Previous Page 7 of 46 Next

Details

Vulnerabilities 1,149

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy