Glossary

REMOTE FILE INCLUSION / RFI
defined.

A vulnerability allowing an attacker to include and execute remote files via vulnerable include statements — almost always resulting in immediate RCE.

A–Z

What is Remote File Inclusion (RFI)?

RFI is LFI’s more dangerous sibling: where LFI reads local files, RFI fetches and executes a remote file. PHP’s allow_url_include was a notorious source. Modern frameworks ship with this disabled by default.

Related terms.

Local File Inclusion (LFI)
Remote Code Execution (RCE)
Server-Side Request Forgery (SSRF)
Server-Side Template Injection (SSTI)

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

BOOK A FREE
scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.

Book Free Scoping Call →All Services

REMOTE FILE INCLUSION / RFIdefined.

What is Remote File Inclusion (RFI)?

Related terms.

Where this shows up.

BOOK A FREEscoping call.

REMOTE FILE INCLUSION / RFI
defined.

BOOK A FREE
scoping call.