Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-98:Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Weakness ID:98
Version:v4.17
Weakness Name:Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Vulnerability Mapping:Allowed
Abstraction:Variant
Structure:Simple
Status:Draft
Likelihood of Exploit:High
DetailsContent HistoryObserved CVE ExamplesReports
▼Submissions
Submission DateRelease DateSubmitterOrganizationVersionComment
2006-07-192006-07-19PLOVERN/ADraft 3

N/A

Submission Date: 2006-07-19

Release Date: 2006-07-19

Submitter: PLOVER

Organization: N/A

Version: Draft 3

Comment:

N/A

▼Modifications
Modification DateRelease DateModifierOrganizationVersionImportanceComment
2008-07-01N/AEric DalciCigitalN/AN/A

updated Time_of_Introduction

2008-09-08N/ACWE Content TeamMITREN/AN/A

updated Relationships, Relationship_Notes, Research_Gaps, Taxonomy_Mappings

2009-01-12N/ACWE Content TeamMITREN/AN/A

updated Relationships

2009-03-10N/ACWE Content TeamMITREN/AN/A

updated Relationships

2009-05-27N/ACWE Content TeamMITREN/AN/A

updated Description, Name

2009-12-28N/ACWE Content TeamMITREN/AN/A

updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, Potential_Mitigations, Time_of_Introduction

2010-02-16N/ACWE Content TeamMITREN/AN/A

converted from Compound_Element to Weakness

2010-02-16N/ACWE Content TeamMITREN/AN/A

updated Alternate_Terms, Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Type

2010-06-21N/ACWE Content TeamMITREN/AN/A

updated Potential_Mitigations, References

2010-09-27N/ACWE Content TeamMITREN/AN/A

updated Potential_Mitigations

2010-12-13N/ACWE Content TeamMITREN/AN/A

updated Potential_Mitigations

2011-06-27N/ACWE Content TeamMITREN/AN/A

updated Relationships

2012-10-30N/ACWE Content TeamMITREN/AN/A

updated Potential_Mitigations, References

2013-02-21N/ACWE Content TeamMITREN/AN/A

updated Alternate_Terms, Name, Observed_Examples

2017-01-19N/ACWE Content TeamMITREN/AN/A

updated Relationships

2017-11-08N/ACWE Content TeamMITREN/AN/A

updated Affected_Resources, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships

2019-06-20N/ACWE Content TeamMITREN/AN/A

updated Type

2020-02-24N/ACWE Content TeamMITREN/AN/A

updated Potential_Mitigations, Relationships

2020-06-25N/ACWE Content TeamMITREN/AN/A

updated Potential_Mitigations

2021-03-15N/ACWE Content TeamMITREN/AN/A

updated Potential_Mitigations

2021-10-28N/ACWE Content TeamMITREN/AN/A

updated Relationships

2022-04-28N/ACWE Content TeamMITREN/AN/A

updated Research_Gaps

2022-10-13N/ACWE Content TeamMITREN/AN/A

updated References

2023-01-31N/ACWE Content TeamMITREN/AN/A

updated Description, Detection_Factors

2023-04-27N/ACWE Content TeamMITREN/AN/A

updated References, Relationships, Time_of_Introduction

2023-06-29N/ACWE Content TeamMITREN/AN/A

updated Mapping_Notes

2025-04-032025-04-03CWE Content TeamMITRE4.17N/A

updated Demonstrative_Examples

Modification Date: 2008-07-01

Release Date: N/A

Modifier: Eric Dalci

Organization: Cigital

Version: N/A

Importance: N/A

Comment:

updated Time_of_Introduction

Modification Date: 2008-09-08

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships, Relationship_Notes, Research_Gaps, Taxonomy_Mappings

Modification Date: 2009-01-12

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2009-03-10

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2009-05-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Description, Name

Modification Date: 2009-12-28

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, Potential_Mitigations, Time_of_Introduction

Modification Date: 2010-02-16

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

converted from Compound_Element to Weakness

Modification Date: 2010-02-16

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Alternate_Terms, Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Type

Modification Date: 2010-06-21

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations, References

Modification Date: 2010-09-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations

Modification Date: 2010-12-13

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations

Modification Date: 2011-06-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2012-10-30

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations, References

Modification Date: 2013-02-21

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Alternate_Terms, Name, Observed_Examples

Modification Date: 2017-01-19

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2017-11-08

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Affected_Resources, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships

Modification Date: 2019-06-20

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Type

Modification Date: 2020-02-24

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations, Relationships

Modification Date: 2020-06-25

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations

Modification Date: 2021-03-15

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations

Modification Date: 2021-10-28

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2022-04-28

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Research_Gaps

Modification Date: 2022-10-13

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated References

Modification Date: 2023-01-31

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Description, Detection_Factors

Modification Date: 2023-04-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated References, Relationships, Time_of_Introduction

Modification Date: 2023-06-29

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Mapping_Notes

Modification Date: 2025-04-03

Release Date: 2025-04-03

Modifier: CWE Content Team

Organization: MITRE

Version: 4.17

Importance: N/A

Comment:

updated Demonstrative_Examples

▼Contributions
Contributor DateRelease DateTypeContributorOrganizationVersionComment
▼Previous Name Entries
Change DatePrevious Entry NameVersion
2008-04-11

PHP File Inclusion

N/A
2009-05-27

Insufficient Control of Filename for Include/Require Statement in PHP Program (aka 'PHP File Inclusion')

N/A
2013-02-21

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')

N/A

Change Date: 2008-04-11

Version: N/A

Previous Entry Name: PHP File Inclusion

Change Date: 2009-05-27

Version: N/A

Previous Entry Name: Insufficient Control of Filename for Include/Require Statement in PHP Program (aka 'PHP File Inclusion')

Change Date: 2013-02-21

Version: N/A

Previous Entry Name: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')