CWE-98
1,143 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
CVEs (1,143)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS | DESCRIPTION |
|---|---|---|---|---|---|---|
| | 1 (Schneider Electric) | 11 (Bmxnoc0401 Firmware, Bmxnoe0100 Firmware, Bmxnoe0110 Firmware, +8 more) | Nov 21, 2024 | Mar 21, 2019 | N/A (v4), 5.4 MEDIUM (v3), 5.5 MEDIUM (v2) | Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302,... |
| | | | | | | The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request, which may allow an authenticated user to read arbitrary file... |
| | 1 (Trendmicro) | 1 (Smart Protection Server) | Nov 21, 2024 | Jan 19, 2018 | N/A (v4), 8.1 HIGH (v3), 6.8 MEDIUM (v2) | A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. |