Skip to content
← Back to Glossary
Injection

Local File Inclusion (LFI)

An attack that includes local files on the server through user-controlled input.

LFI allows attackers to include local files via vulnerable include() or require() functions. Can be escalated to RCE via log poisoning or PHP wrappers. Prevent by validating file paths and avoiding dynamic includes with user input.

Related Terms

See if your app is vulnerable

Vezraa checks for related security issues. Scan in 25 seconds.

Local File Inclusion (LFI) — Security Glossary | Vezraa