Skip to content
← Back to Glossary
Injection

Remote File Inclusion (RFI)

An attack that includes remote files from external servers through vulnerable includes.

RFI allows attackers to load remote files (usually PHP scripts) onto your server via include() functions that accept user input without validation. Modern frameworks mostly prevent this, but legacy PHP apps remain vulnerable.

Related Terms

See if your app is vulnerable

Vezraa checks for related security issues. Scan in 25 seconds.

Remote File Inclusion (RFI) — Security Glossary | Vezraa