Remote File Inclusion (RFI) is an inclusion attack in which an attacker exploits a web application to make it include a remote file. The vulnerability affects web applications that use external files or scripts. The consequences of a successful RFI attack range from information disclosure and cross-site scripting (XSS) to remote code execution.
A server is prone to a remote file inclusion vulnerability when it fails to properly verify user-supplied input. An attacker can include arbitrary remote files containing malicious PHP code and execute it in the context of the web server process, which lets the attacker compromise the application and gain access to the underlying system.
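The missing input verification described above, next to a hardened form, as an added example that is not code from the original page. The page names, the `pages/` directory and the `resolve_page()` helper are assumptions made for illustration, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);   // example targets PHP 8.0+ (uses the mixed type)

// Vulnerable pattern (shown for contrast, deliberately not executed here):
//   include $_GET['page'];
// The request parameter reaches include unchecked, so with allow_url_include
// enabled a URL value is fetched and run as PHP by the web server process.

// Hardened pattern: the parameter is only a key into a fixed allowlist.
// Hypothetical page names, chosen for this example.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(mixed $requested, string $baseDir): ?string
{
    // Arrays (page[]=x) and any value that is not an allowlisted key are rejected.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    // The path is built from the server-side constant, never from the input.
    return rtrim($baseDir, '/') . '/' . PAGES[$requested];
}

// Constructed sample inputs: one valid key, then values that must be refused.
$samples = ['about', 'http://remote.example/code.txt', '../../etc/passwd', ['home'], 'home.php'];
foreach ($samples as $input) {
    $path = resolve_page($input, __DIR__ . '/pages');
    printf("%-40s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES), $path ?? 'rejected');
}

// In a front controller the result would be used like this:
//   $path = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
//   if ($path === null) { http_response_code(404); exit; }
//   require $path;
```

Keeping `allow_url_include = Off` in `php.ini` (the default) is a second layer, since it stops `include` and `require` from fetching URLs even if a check like this is missed.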
The impact includes:
This vulnerability can be fixed by: