CWE-98

Overview

CWE ID
98

CWE Name
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CWE Abstraction
Variant

CWE structure
Simple

CWE Status
Draft

Description

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

Extended Description

In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the software will obtain the code to execute. In other cases in association with path traversal, the attacker can specify a local fi

Related CWEs

CWE ID	View ID	Nature	Ordinal
706	1000	ChildOf
829	1000	ChildOf	Primary
94	1000	CanPrecede
426	1000	CanAlsoBe

Related CVEs

CVE
CVE-2022-4606
CVE-2023-2551
CVE-2021-22968
CVE-2023-3452
CVE-2024-4315
CVE-2023-4195
CVE-2023-49084
CVE-2024-31459
CVE-2024-1600
CVE-2024-0315
CVE-2024-36415
CVE-2024-35629
CVE-2024-35650
CVE-2024-31459
CVE-2024-1600
CVE-2024-0315
CVE-2024-36415
CVE-2024-35629
CVE-2024-35650
CVE-2024-35629
CVE-2024-35650
CVE-2024-6589
CVE-2024-4359
CVE-2024-43261
CVE-2024-5762
CVE-2024-8252
CVE-2024-41925
CVE-2024-41925
CVE-2024-41925
CVE-2024-9981
CVE-2024-48029
CVE-2024-49251
CVE-2024-49317
CVE-2024-49243
CVE-2024-49701
CVE-2024-49690
CVE-2024-8392
CVE-2024-50435
CVE-2024-50457
CVE-2024-50436
CVE-2024-50434
CVE-2024-50497
CVE-2024-10436
CVE-2024-10871
CVE-2024-10571
CVE-2024-52381
CVE-2024-52386
CVE-2024-52428
CVE-2024-10898
CVE-2024-52450
CVE-2024-10873