Remote File Inclusion

GPTKB entity

Statements (27)
Predicate Object
gptkbp:instanceOf Web security vulnerability
gptkbp:abbreviation gptkb:RFI
gptkbp:affects web applications
gptkbp:can_be_exploited_via untrusted input
user-supplied URL parameters
gptkbp:canBe malware distribution
web shell installation
gptkbp:cause data theft
website defacement
server compromise
gptkbp:commonIn PHP applications
gptkbp:detects web application scanners
gptkbp:documentedIn gptkb:OWASP
gptkbp:enables remote code execution
arbitrary file inclusion
gptkbp:exploits improper input validation
insecure file inclusion mechanisms
gptkbp:firstAppearance early 2000s
https://www.w3.org/2000/01/rdf-schema#label Remote File Inclusion
gptkbp:mitigatedBy input validation
disabling remote file inclusion in configuration
gptkbp:prevention disabling URL wrappers
using allowlists for file inclusion
gptkbp:relatedTo gptkb:Local_File_Inclusion
Directory Traversal
gptkbp:bfsParent gptkb:fire
gptkbp:bfsLayer 4