Statements (27)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
Web security vulnerability
|
| gptkbp:abbreviation |
gptkb:RFI
|
| gptkbp:affects |
web applications
|
| gptkbp:can_be_exploited_via |
untrusted input
user-supplied URL parameters |
| gptkbp:canBe |
malware distribution
web shell installation |
| gptkbp:cause |
data theft
website defacement server compromise |
| gptkbp:commonIn |
PHP applications
|
| gptkbp:detects |
web application scanners
|
| gptkbp:documentedIn |
gptkb:OWASP
|
| gptkbp:enables |
remote code execution
arbitrary file inclusion |
| gptkbp:exploits |
improper input validation
insecure file inclusion mechanisms |
| gptkbp:firstAppearance |
early 2000s
|
| https://www.w3.org/2000/01/rdf-schema#label |
Remote File Inclusion
|
| gptkbp:mitigatedBy |
input validation
disabling remote file inclusion in configuration |
| gptkbp:prevention |
disabling URL wrappers
using allowlists for file inclusion |
| gptkbp:relatedTo |
gptkb:Local_File_Inclusion
Directory Traversal |
| gptkbp:bfsParent |
gptkb:fire
|
| gptkbp:bfsLayer |
4
|