Skip to main content

Q: What is a file inclusion vulnerability?

A: A file inclusion vulnerability is a security flaw that allows an attacker to illegally access files on a server. It is often caused by insecure web programming practices, where user input (such as a file path) is used by the application without proper sanitisation. If an attacker can control the file path, they can include and execute files from the server, potentially leading to data disclosure or remote code execution.