Statements (27)
Predicate | Object |
---|---|
gptkbp:instanceOf |
Web security vulnerability
|
gptkbp:abbreviation |
gptkb:RFI
|
gptkbp:affects |
web applications
|
gptkbp:can_be_exploited_via |
untrusted input
user-supplied URL parameters |
gptkbp:canBe |
malware distribution
web shell installation |
gptkbp:cause |
data theft
website defacement server compromise |
gptkbp:commonIn |
PHP applications
|
gptkbp:detects |
web application scanners
|
gptkbp:documentedIn |
gptkb:OWASP
|
gptkbp:enables |
remote code execution
arbitrary file inclusion |
gptkbp:exploits |
improper input validation
insecure file inclusion mechanisms |
gptkbp:firstAppearance |
early 2000s
|
https://www.w3.org/2000/01/rdf-schema#label |
Remote File Inclusion
|
gptkbp:mitigatedBy |
input validation
disabling remote file inclusion in configuration |
gptkbp:prevention |
disabling URL wrappers
using allowlists for file inclusion |
gptkbp:relatedTo |
gptkb:Local_File_Inclusion
Directory Traversal |
gptkbp:bfsParent |
gptkb:fire
|
gptkbp:bfsLayer |
4
|