/vulndb/Local File Include

A Local File Include (LFI) is a vulnerability that allows an attacker to read, or in some cases execute, files on the server. It arises when the developer passes unsanitised user-supplied input (typically a request parameter that names a page or template) into functions that open, read, include or display the contents of files, so that the attacker controls which file is accessed.

The vulnerability can be used to read sensitive data from the web server's file system, such as application source code, configuration files holding database credentials, and other sensitive files. Where the application executes the file it includes (for example a PHP include of a user-chosen path), the same flaw can lead to server-side code execution.

Solution

Ensure that the user cannot manipulate the path of the files the application retrieves and displays. Prefer an allowlist: map the request parameter to a fixed set of known file names, or accept only a restricted character set and add the directory and extension yourself. If a path must be derived from user input, also reject or strip the characters used for path manipulation ('.', '..', '/' and '\') and, after resolving the path, verify that it still lies inside the intended directory, since a single-pass removal of '../' can be bypassed.
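The following Python example is added here to illustrate both the vulnerability described above and the mitigation; it is not code from the original page. It builds a throwaway web root in a temporary directory (constructed sample data, not a real site), shows a vulnerable reader that joins the request parameter straight onto that root, shows why a single-pass removal of '../' is not a fix, and contrasts them with a hardened reader that allowlists the page name and checks the resolved path against the web root. All function and file names are the example's own assumptions.

```python
import os
import re
import tempfile

# Constructed sandbox (not a real deployment): a throwaway web root holding one
# page, plus a "secret" file one directory above it that the app must never serve.
ROOT = tempfile.mkdtemp()
WEB_ROOT = os.path.join(ROOT, "pages")
SECRET_PATH = os.path.join(ROOT, "config.txt")
os.makedirs(WEB_ROOT)
with open(os.path.join(WEB_ROOT, "about.txt"), "w") as fh:
    fh.write("About us\n")
with open(SECRET_PATH, "w") as fh:
    fh.write("db_password=hunter2\n")  # constructed secret, not a real credential


def vulnerable_read(page: str) -> str:
    """Vulnerable: the 'page' request parameter is joined straight onto the web
    root, so '../config.txt' escapes it. Note that os.path.join discards
    WEB_ROOT entirely when 'page' is an absolute path."""
    path = os.path.join(WEB_ROOT, page)
    with open(path) as fh:
        return fh.read()


def naive_sanitize(page: str) -> str:
    """A single-pass blacklist. It is bypassable: removing '../' once from
    '....//' leaves '../' behind, so this must not be the only defence."""
    return page.replace("../", "")


# Resolve the web root once so symlinked temp directories compare correctly.
WEB_ROOT_REAL = os.path.realpath(WEB_ROOT)
PAGE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def hardened_read(page: str) -> str:
    """Hardened: accept only an allowlisted page name, append the extension
    ourselves, resolve symlinks, and confirm the result still lies under the
    web root. Raises ValueError on anything else."""
    if not PAGE_NAME.fullmatch(page):
        raise ValueError("invalid page name")
    path = os.path.realpath(os.path.join(WEB_ROOT_REAL, page + ".txt"))
    # Defence in depth: even if the allowlist were loosened, a resolved path
    # outside the web root is refused.
    if os.path.commonpath([WEB_ROOT_REAL, path]) != WEB_ROOT_REAL:
        raise ValueError("path escapes web root")
    with open(path) as fh:
        return fh.read()


def is_rejected(page: str) -> bool:
    """True if hardened_read refuses the name; used to show what the checks catch."""
    try:
        hardened_read(page)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("vulnerable, legitimate page:", vulnerable_read("about.txt").strip())
    print("vulnerable, traversal:      ", vulnerable_read("../config.txt").strip())
    print("vulnerable, absolute path:  ", vulnerable_read(SECRET_PATH).strip())
    print("naive sanitize of '....//config.txt' ->", naive_sanitize("....//config.txt"))
    print("hardened, legitimate page:  ", hardened_read("about").strip())
    for bad in ("../config", "....//config", "/etc/passwd", "about.txt"):
        print(f"hardened rejects {bad!r}:", is_rejected(bad))
```

The hardened reader never lets the request parameter name a directory or an extension: the caller supplies only a bare page name, and the application decides where that name maps. The realpath and commonpath check is kept even though the regex already excludes '.', '/' and '\', because allowlists tend to be relaxed over time and the containment check does not depend on them.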

References

http://en.wikipedia.org/wiki/Local_File_Inclusion