Injection
Local File Inclusion (LFI)
An attack that includes local files on the server through user-controlled input.
LFI allows attackers to include local files via vulnerable include() or require() functions. Can be escalated to RCE via log poisoning or PHP wrappers. Prevent by validating file paths and avoiding dynamic includes with user input.