Remote File Inclusion (RFI) is the process of including files from remote sources through exploitation of vulnerable inclusion procedures implemented in the application. For example, this vulnerability occurs when a page receives input that is the URL to a remote file. This input is not properly sanitized, allowing external URLs to be injected.
Remote File Inclusion (RFI) can lead to other attacks, such as cross-site scripting (XSS), denial of service (DoS) and sensitive information disclosure.