Local File Inclusion
Local File Inclusion occurs when a web application can be tricked into loading files from the server's own filesystem that were never meant to be exposed. Attackers use it to read configuration files, credentials, or source code, and in some cases escalate it to code execution. It stems from building file paths out of untrusted user input.