CWE-98(Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'))描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
| 類型 | 名稱 | 類 | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | PHP | — | Often | — |
| technology | — | Web Based | Undetermined | — |
| technology | Web Server | — | Undetermined | — |
下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。
| CVE | 公開時間 | 摘要 |
|---|---|---|
| CVE-2026-13080 | 2026-07-09 | The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the 'logKey'… |
| CVE-2026-12194 | 2026-07-04 | PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is n… |
| CVE-2026-5137 | 2026-07-03 | The RTMKit (rometheme-for-elementor) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' pa… |
| CVE-2026-57749 | 2026-07-02 | Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 versions. |
| CVE-2026-57748 | 2026-07-02 | Contributor Local File Inclusion in Shopify <= 1.0.0 versions. |
| CVE-2026-42382 | 2026-07-02 | Unauthenticated Local File Inclusion in Audrey <= 1.5 versions. |
| CVE-2026-27412 | 2026-07-02 | Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions. |
| CVE-2025-69133 | 2026-07-02 | Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions. |
| CVE-2025-58902 | 2026-07-02 | Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 versions. |
| CVE-2026-12923 | 2026-07-01 | The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emd_dele… |
| CVE-2026-57647 | 2026-06-26 | Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. |
| CVE-2025-68064 | 2026-06-26 | Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. |
| CVE-2025-68063 | 2026-06-26 | Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions. |
| CVE-2026-54845 | 2026-06-25 | Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. |
| CVE-2019-25760 | 2026-06-19 | Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send… |
| CVE-2026-7515 | 2026-06-19 | The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the `doc_style` parameter. This makes it possible for unauthenticated attacker… |
| CVE-2026-48820 | 2026-06-17 | CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::_getElementFileName() d… |
| CVE-2026-54814 | 2026-06-17 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Moto… |
| CVE-2026-39590 | 2026-06-17 | Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions. |
| CVE-2026-39559 | 2026-06-17 | Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions. |
| 日期 | 名稱 | 版本 | 重要性 | 評論 |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Relationship_Notes, Research_Gaps, Taxonomy_Mappings |
| 2009-01-12 | CWE Content Team | 1.2 | — | updated Relationships |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Relationships |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Description, Name |
| 2009-12-28 | CWE Content Team | 1.7 | — | updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, Potential_Mitigations, Time_of_Introduction |
| 2010-02-16 | CWE Content Team | 1.8 | Critical | converted from Compound_Element to Weakness |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Alternate_Terms, Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Type |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Potential_Mitigations, References |
| 2010-09-27 | CWE Content Team | 1.10 | — | updated Potential_Mitigations |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Potential_Mitigations |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations, References |
| 2013-02-21 | CWE Content Team | 2.4 | — | updated Alternate_Terms, Name, Observed_Examples |
| 2017-01-19 | CWE Content Team | 2.10 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Affected_Resources, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Type |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Potential_Mitigations, Relationships |
| 2020-06-25 | CWE Content Team | 4.1 | — | updated Potential_Mitigations |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Potential_Mitigations |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated Research_Gaps |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated References |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description, Detection_Factors |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated References, Relationships, Time_of_Introduction |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-04-03 | CWE Content Team | 4.17 | — | updated Demonstrative_Examples |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Potential_Mitigations, References |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Demonstrative_Examples, Relationships, Weakness_Ordinalities |