File Inclusion Vulnerabilities

Local File Inclusion (LFI)

LFI occurs when a web app allows a user to submit input into files or upload files to the server. This can allow attackers to read or execute files on the victim system. These vulnerabilities can be critical if the web app is running as root or as a high-privilege user.

Remote File Inclusion (RFI)

RFI is similar to LFI, except that instead of accessing a file on the server, the attacker is able to execute code hosted on their own system.
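
Both cases seen from the defending side, as an added example that is not part of the original page: a resolver for a user-supplied file name that refuses remote locations (RFI) and paths that leave an allowed directory (LFI). The names `resolve_include` and `InclusionRejected`, the `templates` directory and all sample inputs are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import urlparse

class InclusionRejected(ValueError):
    """Raised when a requested include is remote or outside the base directory."""

def resolve_include(base_dir: str, requested: str) -> str:
    """Return the real path of `requested` inside `base_dir`, or raise."""
    # RFI guard: refuse anything that parses as a URL or a network path.
    parsed = urlparse(requested)
    if parsed.scheme or parsed.netloc or requested.startswith(("//", "\\\\")):
        raise InclusionRejected("remote or scheme-qualified path")
    if "\x00" in requested:
        raise InclusionRejected("NUL byte in path")
    # LFI guard: resolve '..' and symlinks first, then compare with the base.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise InclusionRejected("path escapes base directory")
    if not os.path.isfile(candidate):
        raise InclusionRejected("no such file")
    return candidate

def demo() -> dict:
    """Run constructed inputs through the resolver; map input -> outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "templates")   # hypothetical include directory
        os.mkdir(base)
        with open(os.path.join(base, "about.html"), "w") as fh:
            fh.write("<p>about</p>")
        with open(os.path.join(root, "secret.txt"), "w") as fh:
            fh.write("not for users")
        for value in ("about.html", "../secret.txt", "/etc/hostname",
                      "http://files.example.test/page.txt"):  # constructed inputs
            try:
                resolve_include(base, value)
                results[value] = "allowed"
            except InclusionRejected as exc:
                results[value] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for value, outcome in demo().items():
        print(f"{value!r:45} {outcome}")
```

The comparison is made on the resolved path rather than on the raw string, so encoded or nested `..` segments and symlinks are judged by where they actually point.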
