Local File Inclusion (LFI) is the process of including files that are already stored locally on the server.
When an application uses a file path as an input, the app treats that input as trusted and safe. A Local File Inclusion attack tricks the application into exposing or running files on the server. An attacker can inject the malicious local file into the included statement.