Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-98 (PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)) — Vulnerability Class 1082

1082 vulnerabilities classified as CWE-98 (PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-3499 ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor 8.8 High2024-05-02
CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui — parisneo/lollms-webui 7.5AIHighAI2024-04-10
CVE-2024-3136 MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template — MasterStudy LMS WordPress Plugin – for Online Courses and Education 9.8 Critical2024-04-09
CVE-2024-2047 ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor 8.8 High2024-03-30
CVE-2024-3061 HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.2 - Authenticated (Admin+) Local File Inclusion — HUSKY – Products Filter Professional for WooCommerce 7.2 High2024-03-29
CVE-2024-2411 MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal — MasterStudy LMS WordPress Plugin – for Online Courses and Education 9.8 Critical2024-03-29
CVE-2024-1382 Restaurant Reservations <= 1.9 - Directory Traversal to Authenticated (Contributor+) Local File Inclusion — Restaurant Reservations 8.8 High2024-03-07
CVE-2023-6989 Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 18.5.9 - Unauthenticated Local File Inclusion — Shield: Blocks Bots, Protects Users, and Prevents Security Breaches 9.8 Critical2024-02-05
CVE-2024-0315 Remote file inclusion vulnerability in FireEye Central Management — FireEye Central Management 6.6 Medium2024-01-15
CVE-2023-6583 Import and export users and customers <= 1.24.2 - Authenticated(Administrator+) Directory Traversal via Recurring Import Functionality — Import and export users and customers 6.6 Medium2024-01-11
CVE-2023-49084 Local File Inclusion (RCE) in Cacti — cacti 8.1 High2023-12-21
CVE-2023-5815 News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion — Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News 8.1 High2023-11-22
CVE-2023-5099 HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode — HTML filter and csv-file search 8.8 High2023-10-31
CVE-2023-5250 Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode — Grid Plus – Unlimited grid layout 8.8 High2023-10-30
CVE-2023-5199 PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode — PHP to Page 9.9 Critical2023-10-30
CVE-2023-4488 Dropbox Folder Share <= 1.9.7 - Unauthenticated Local File Inclusion — Dropbox Folder Share 9.8 Critical2023-10-20
CVE-2023-3452 Canto <= 3.0.4 - Unauthenticated Remote File Inclusion — Canto 9.8 Critical2023-08-12
CVE-2023-4195 PHP Remote File Inclusion in cockpit-hq/cockpit — cockpit-hq/cockpit 8.8 -2023-08-06
CVE-2023-2249 wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents — wpForo Forum 8.8 High2023-06-09
CVE-2023-2551 PHP Remote File Inclusion in unilogies/bumsys — unilogies/bumsys 8.1 -2023-05-05
CVE-2022-4606 PHP Remote File Inclusion in flatpressblog/flatpress — flatpressblog/flatpress 9.8 -2022-12-18
CVE-2022-4446 PHP Remote File Inclusion in tsolucio/corebos — tsolucio/corebos 9.8 -2022-12-13
CVE-2021-29113 Remote file inclusion vulnerability in ArcGIS Server help documentation — ArcGIS Server 4.7 -2021-12-07
CVE-2021-22968 PortlandLabs Concrete CMS 代码问题漏洞 — https://github.com/concrete5/concrete5 7.2 -2021-11-19
CVE-2021-21804 Advantech R-SeeNet 安全漏洞 — Advantech 9.8 -2021-07-16
CVE-2020-13175 Teradici Cloud Access Connector和Cloud Access Connector Legacy 安全漏洞 — - Cloud Access Connector - Cloud Access Connector Legacy 7.5 -2020-08-11
CVE-2020-5295 Local File read vulnerability in OctoberCMS — october 4.8 Medium2020-06-03
CVE-2019-5479 larvitbase-api 注入漏洞 — larvitbase-api 7.5 -2019-09-03
CVE-2014-9186 Honeywell International Experion PKS 输入验证错误漏洞 — Experion PKS 9.8 -2019-04-08
CVE-2015-6461 Schneider Electric Modicon M340 PLC Station P34模块安全漏洞 — Schneider Electric Modicon PLC 6.4 -2019-03-21

Vulnerabilities classified as CWE-98 (PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)) represent 1082 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.