Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

CVEs (1,143)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-22366 - - Feb 20, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through <=...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through <= 1.3.0.Show less
CVE-2026-22365 - - Apr 28, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects Soleng: from n/a throu...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects Soleng: from n/a through <= 1.0.5.Show less
CVE-2026-22364 - - Feb 20, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: fr...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through <=1.0.2.Show less
CVE-2026-22363 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rhodos: from n/a throu...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rhodos: from n/a through <= 1.3.3.Show less
CVE-2026-22362 - - Feb 20, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affects Photolia: from n/a...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affects Photolia: from n/a through <= 1.0.3.Show less
CVE-2026-22361 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-Mart: from n/a throu...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-Mart: from n/a through <= 1.0.2.Show less
CVE-2026-22356 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM:...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through <= 6.7.0.Show less
CVE-2026-22344 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion.This issue affects FiveStar: from n...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion.This issue affects FiveStar: from n/a through <= 1.7.Show less
CVE-2025-69410 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Belletrist belletrist allows PHP Local File Inclusion.This issue affects Belletrist: fr...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Belletrist belletrist allows PHP Local File Inclusion.This issue affects Belletrist: from n/a through <= 1.2.Show less
CVE-2025-69409 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes PJ \| Life & Business Coaching pj allows PHP Local File Inclusion.This issue affects PJ...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes PJ \| Life & Business Coaching pj allows PHP Local File Inclusion.This issue affects PJ \| Life & Business Coaching: from n/a through <= 3.0.0.Show less
CVE-2025-69408 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issue affects HealthFirs...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issue affects HealthFirst: from n/a through <= 1.0.1.Show less
CVE-2025-69407 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through <= 2.5.1.Show less
CVE-2025-69406 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects FreightCo: from n/a...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects FreightCo: from n/a through <= 1.1.7.Show less
CVE-2025-69402 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX R&F rf allows PHP Local File Inclusion.This issue affects R&F: from n/a through <= 1.5.
CVE-2025-69400 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yokoo yokoo allows PHP Local File Inclusion.This issue affects Yokoo: from n/a through <=...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yokoo yokoo allows PHP Local File Inclusion.This issue affects Yokoo: from n/a through <= 1.1.11.Show less
CVE-2025-69399 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Cobble cobble allows PHP Local File Inclusion.This issue affects Cobble: from n/a through...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Cobble cobble allows PHP Local File Inclusion.This issue affects Cobble: from n/a through <= 1.7.Show less
CVE-2025-69398 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Plank plank allows PHP Local File Inclusion.This issue affects Plank: from n/a through <=...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Plank plank allows PHP Local File Inclusion.This issue affects Plank: from n/a through <= 1.7.Show less
CVE-2025-69397 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tint tint allows PHP Local File Inclusion.This issue affects Tint: from n/a through <= 1.7...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tint tint allows PHP Local File Inclusion.This issue affects Tint: from n/a through <= 1.7.Show less
CVE-2025-69396 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Splendour splendour allows PHP Local File Inclusion.This issue affects Splendour: from n/a...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Splendour splendour allows PHP Local File Inclusion.This issue affects Splendour: from n/a through <= 1.23.Show less
CVE-2025-69395 - - Feb 24, 2026 Feb 20, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gable gable allows PHP Local File Inclusion.This issue affects Gable: from n/a through <=...Show more Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gable gable allows PHP Local File Inclusion.This issue affects Gable: from n/a through <= 1.5.Show less

Previous 1...141516...58 Next