Local File Inclusion
Local File Inclusion, or LFI, occurs when an application includes or reads local files based on user-controlled input without proper restrictions. Attackers may exploit LFI to access configuration files, logs, credentials, source code, or sensitive server-side data. In some cases, LFI can be chained with log poisoning, file upload weaknesses, or misconfigurations to achieve code execution or deeper application compromise.
File Parameter Submitted → Local File Included → Server File Read → Sensitive Data Exposed → File Allowlist Applied
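The flow above as an added example, not code from the original page: a file loader that builds its path from the request value, next to one that applies a file allowlist. The page names, file names, directory layout and function names are all constructed for illustration.

```python
import os
import tempfile

# Constructed allowlist: public page names mapped to fixed template files.
ALLOWED_PAGES = {"home": "home.html", "about": "about.html"}


def load_page_unsafe(base_dir, page):
    """Vulnerable pattern: the user-supplied value becomes part of the path."""
    with open(os.path.join(base_dir, page), encoding="utf-8") as fh:
        return fh.read()


def load_page_allowlisted(base_dir, page):
    """Hardened: the input only selects an allowlist entry, never a path."""
    filename = ALLOWED_PAGES.get(page)
    if filename is None:
        raise ValueError("page not in allowlist")
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, filename))
    # Defence in depth: the resolved path must stay under the template root,
    # which also catches a symlink planted inside it.
    if os.path.commonpath([base, path]) != base:
        raise ValueError("resolved path escapes template directory")
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def demo():
    """Build a constructed directory tree and compare both loaders."""
    with tempfile.TemporaryDirectory() as root:
        templates = os.path.join(root, "templates")
        os.mkdir(templates)
        with open(os.path.join(templates, "home.html"), "w", encoding="utf-8") as fh:
            fh.write("<h1>home</h1>")
        # Constructed stand-in for a sensitive server-side file.
        with open(os.path.join(root, "app.conf"), "w", encoding="utf-8") as fh:
            fh.write("db_password=constructed-example")
        results = {
            "unsafe_traversal": load_page_unsafe(templates, "../app.conf"),
            "safe_home": load_page_allowlisted(templates, "home"),
        }
        for attempt in ("../app.conf", "home.html", "unknown"):
            try:
                load_page_allowlisted(templates, attempt)
                results[attempt] = "served"
            except ValueError:
                results[attempt] = "rejected"
        return results
```

The allowlisted loader rejects even `home.html`, because the request value is treated as a lookup key and never as a file name.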
