Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,149 vulnerabilities with CWE-98

CVE-2026-27998 HIGH

ThemeREX Vixus <=1.0.16 - PHP Local File Inclusion

CVE-2026-27997 HIGH

ThemeREX Maxify <=1.0.16 - PHP Local File Inclusion

CVE-2026-27996 HIGH

ThemeREX Lingvico <=1.0.14 - PHP Local File Inclusion

CVE-2026-27995 HIGH

ThemeREX Justitia <=1.1.0 - PHP Local File Inclusion

CVE-2026-27994 HIGH

ThemeREX Tediss <=1.2.4 - PHP Local File Inclusion

CVE-2026-27993 HIGH

ThemeREX Aldo <=1.0.10 - PHP Local File Inclusion

CVE-2026-27992 HIGH

ThemeREX Meals & Wheels <=1.1.12 - PHP LFI

CVE-2026-27991 HIGH

ThemeREX Avventure <=1.1.12 - PHP Local File Inclusion

CVE-2026-27990 HIGH

ThemeREX ConFix <=1.013 - PHP Local File Inclusion

CVE-2026-27989 HIGH

ThemeREX Quanzo <=1.0.10 - PHP Local File Inclusion

CVE-2026-27988 HIGH

ThemeREX Equadio <= 1.1.3 - PHP Local File Inclusion

CVE-2026-27987 HIGH

The Qlean <=2.12 - PHP Local File Inclusion

CVE-2026-27986 HIGH

ThemeREX OsTende <=1.4.3 - PHP Local File Inclusion

CVE-2026-27985 HIGH

ThemeREX Humanum <=1.1.4 - PHP Local File Inclusion

CVE-2026-27383 HIGH

RadiusTheme Metro <=2.13 - PHP Local File Inclusion

CVE-2026-27381 HIGH

Thembay Aora <=1.3.15 - PHP Local File Inclusion

CVE-2026-27342 HIGH

TopFit Theme <=1.9 - PHP Local File Inclusion

CVE-2026-27341 HIGH

TopScorer - Sports WordPress Theme <=1.2 - PHP LFI

CVE-2026-27340 HIGH

AncoraThemes Apollo <=1.3.1 - PHP RFI

CVE-2026-27339 HIGH

Buzz Stone WordPress Theme <=1.0.2 - PHP LFI

CVE-2026-27337 HIGH

Chronicle WordPress Theme <=1.0 - PHP RFI

CVE-2026-27336 HIGH

Consultor Theme <=1.2.4 - PHP Local File Inclusion

CVE-2026-27335 HIGH

AncoraThemes Ekoterra <=1.0.0 - PHP RFI

CVE-2026-27334 HIGH

Alchemists <=4.6.0 - PHP Local File Inclusion

CVE-2026-27326 HIGH

AC Services Theme <=1.2.5 - PHP Local File Inclusion

Previous Page 8 of 46 Next

Details

Vulnerabilities 1,149

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy