/vulndb/Remote File Include

A Remote File Include is a vulnerability, which allows attackers to manipulate the application in order to include a remote file hosted on a 3rd-party server. This file may be executable, typically written in a scripting language.

This vulnerability can be used to perform Cross-site Scripting and Remote Code Execution attacks. In the case of the later, the remote file will run under the permissions of the user used by the the web application therefore executing within the same access level as the application itself. This vulnerability can be successfully used by attackers to gain a complete control over the targeted application and the server.

Solution

Ensure that user supplied data is not used directly in library functions used for processing/executing files.

References

http://en.wikipedia.org/wiki/Remote_File_Inclusion