Local File inclusion (LFI) refers to an inclusion attack. An attacker can trick the online application in including files on the online server. The attacker does this by exploiting functionality that dynamically includes native files or scripts. The consequence of a successful LFI attack. It includes Directory Traversal and information revealing also as Remote Code Execution.
This server allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanisms implemented in the target application. This is due to the use of user-supplied input without proper validation.