Injection
Remote File Inclusion (RFI)
An attack that includes remote files from external servers through vulnerable includes.
RFI allows attackers to load remote files (usually PHP scripts) onto your server via include() functions that accept user input without validation. Modern frameworks mostly prevent this, but legacy PHP apps remain vulnerable.