Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,149 vulnerabilities with CWE-98

CVE-2026-27097 HIGH

CasaMia Theme <=1.1.2 - PHP Local File Inclusion

CVE-2026-23801 HIGH

The Issue <=1.6.11 - PHP Local File Inclusion

CVE-2026-22478 HIGH

FindAll <=1.4 - PHP Local File Inclusion

CVE-2026-22477 HIGH

AncoraThemes Felizia <=1.3.4 - PHP RFI

CVE-2026-22476 HIGH

Etchy <=1.0 - PHP Local File Inclusion

CVE-2026-22457 HIGH

Wanderland <=1.5 - PHP Local File Inclusion

CVE-2026-22456 HIGH

Askka <=1.0 - PHP Local File Inclusion

CVE-2026-22452 HIGH

ThemeREX Hoverex <=1.5.10 - PHP Local File Inclusion

CVE-2026-22449 HIGH

Select-Themes Don Peppe <=1.3 - PHP RFI

CVE-2026-22446 HIGH

Prowess <=1.8.1 - PHP Local File Inclusion

CVE-2026-22443 HIGH

ThemeREX Alliance <=3.1.1 - PHP Local File Inclusion

CVE-2026-22442 HIGH

Tribe <=1.7.3 - PHP Local File Inclusion

CVE-2026-22441 HIGH

Zentrum <=1.0 - PHP Local File Inclusion

CVE-2026-22439 HIGH

AncoraThemes Green Planet <=1.1.14 - PHP RFI

CVE-2026-22437 HIGH

AncoraThemes Playa <=1.3.9 - PHP RFI

CVE-2026-22436 HIGH

Helvig <=1.0 - PHP Local File Inclusion

CVE-2026-22435 HIGH

AncoraThemes ElectroServ <=1.3.2 - PHP RFI

CVE-2026-22434 HIGH

AncoraThemes Crown Art <=1.2.11 - PHP Local File Inclusion

CVE-2026-22433 HIGH

AncoraThemes CloudMe <=1.2.2 - PHP RFI

CVE-2026-22432 HIGH

AncoraThemes Woopy <=1.2 - PHP Local File Inclusion

CVE-2026-22431 HIGH

AncoraThemes Wabi-Sabi <=1.2 - PHP Local File Inclusion

CVE-2026-22429 HIGH

Mikado-Themes Verdure <=1.6 - PHP RFI

CVE-2026-22428 HIGH

AncoraThemes Tooth Fairy <=1.16 - PHP Local File Inclusion

CVE-2026-22427 HIGH

Mikado-Themes GoTravel <=2.1 - PHP RFI

CVE-2026-22425 HIGH

Sweet Jane <=1.2 - PHP Local File Inclusion

Previous Page 9 of 46 Next

Details

Vulnerabilities 1,149

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy