← Back
CWE-98

1,143 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

JSON object

Loading...

CVEs (1,143)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-47572
-
-
Apr 28, 2026
Jun 17, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects School Management: f...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects School Management: from n/a through 93.0.0.Show less
CVE-2025-32549
-
-
Apr 28, 2026
Jun 17, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue affects WPGYM: from n/a through 65.0.
CVE-2025-29002
-
-
Apr 23, 2026
Jun 17, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Simen snssimen allows PHP Local File Inclusion.This issue affects Simen: from n/a through...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Simen snssimen allows PHP Local File Inclusion.This issue affects Simen: from n/a through <= 4.6.Show less
CVE-2025-28991
-
-
Apr 23, 2026
Jun 17, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Evon snsevon allows PHP Local File Inclusion.This issue affects Evon: from n/a through <=...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Evon snsevon allows PHP Local File Inclusion.This issue affects Evon: from n/a through <= 3.4.Show less
CVE-2025-24761
-
-
Apr 23, 2026
Jun 17, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme DSK dsk allows PHP Local File Inclusion.This issue affects DSK: from n/a through < 2.4.
CVE-2025-4200
-
-
Jun 16, 2025
Jun 14, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the load_view() function that is called via at le...Show more
The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the load_view() function that is called via at least three AJAX actions: 'load_more_post', 'load_shop', and 'load_more_product. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.Show less
CVE-2025-49454
-
-
Apr 29, 2026
Jun 10, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a t...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a through < 3.10.0.Show less
CVE-2025-49282
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magze magze allows PHP Local File Inclusion.This issue affects Magze: from n/a through <=...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magze magze allows PHP Local File Inclusion.This issue affects Magze: from n/a through <= 1.0.9.Show less
CVE-2025-49281
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magways magways allows PHP Local File Inclusion.This issue affects Magways: from n/a throu...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magways magways allows PHP Local File Inclusion.This issue affects Magways: from n/a through <= 1.2.1.Show less
CVE-2025-49280
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magty magty allows PHP Local File Inclusion.This issue affects Magty: from n/a through <=...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magty magty allows PHP Local File Inclusion.This issue affects Magty: from n/a through <= 1.0.6.Show less
CVE-2025-49279
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogvy blogvy allows PHP Local File Inclusion.This issue affects Blogvy: from n/a through...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogvy blogvy allows PHP Local File Inclusion.This issue affects Blogvy: from n/a through <= 1.0.7.Show less
CVE-2025-49278
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogty blogty allows PHP Local File Inclusion.This issue affects Blogty: from n/a through...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogty blogty allows PHP Local File Inclusion.This issue affects Blogty: from n/a through <= 1.0.11.Show less
CVE-2025-49277
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogprise blogprise allows PHP Local File Inclusion.This issue affects Blogprise: from n/a...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogprise blogprise allows PHP Local File Inclusion.This issue affects Blogprise: from n/a through <= 1.0.9.Show less
CVE-2025-49276
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogmine blogmine allows PHP Local File Inclusion.This issue affects Blogmine: from n/a th...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogmine blogmine allows PHP Local File Inclusion.This issue affects Blogmine: from n/a through <= 1.1.7.Show less
CVE-2025-49275
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion.This issue affects Blogbyte: from n/a th...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion.This issue affects Blogbyte: from n/a through <= 1.1.1.Show less
CVE-2025-48126
1G5plus
1Essential Real Estate
Apr 28, 2026
Jun 9, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affe...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: from n/a through <= 5.2.9.Show less
CVE-2025-48125
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affec...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager: from n/a through <= 3.1.51.Show less
CVE-2025-39476
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Revo revo allows PHP Local File Inclusion.This issue affects Revo: from n/a through <= 4....Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Revo revo allows PHP Local File Inclusion.This issue affects Revo: from n/a through <= 4.0.26.Show less
CVE-2025-32595
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd krowd allows PHP Local File Inclusion.This issue affects Krowd: from n/a through < 1.5...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd krowd allows PHP Local File Inclusion.This issue affects Krowd: from n/a through < 1.5.0.Show less
CVE-2025-28992
-
-
Apr 23, 2026
Jun 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Anton snsanton allows PHP Local File Inclusion.This issue affects SNS Anton: from n/a...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Anton snsanton allows PHP Local File Inclusion.This issue affects SNS Anton: from n/a through <= 4.1.Show less