Local file inclusion is a vulnerability that allows a hacker to gain access to a system. By including a file in the attack that is already present on the target server, the attacker exploits vulnerable inclusion procedures implemented in the application. LFIs can be thwarted in part by avoiding the passing of user-submitted input. or creation of an allowed list of files.