Local File Inclusion (LFI)


Local File Inclusion (LFI) is a vulnerability in the way an application retrieves or processes local files on the server by their local path. Most cases are caused by the PHP include function.

The attacker has to upload the malicious script to the target server to be executed locally.

Business Impact

An attacker could exploit this vulnerability to look for files by supplying their paths in the vulnerable parameter.


To prevent this vulnerability, make sure that input coming from the user is valid and contains nothing unwanted by whitelisting the specific files that may be included.

More Details

Local file inclusion means unauthorized access to files on the system.

Local File Inclusion (LFI) allows an attacker to include files on a server through the web browser: by manipulating the input and injecting path traversal characters, the attacker can include other files from the web server.

The best way to mitigate this vulnerability is to hardcode all the files you need to include.
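The hardcoded whitelist described above, shown as an added example that is not code from the original page. The `page` parameter, the `resolve_page` function and the `pages/*.php` file names are assumptions chosen for illustration, and the code assumes PHP 8.0 or later.

```php
<?php
// Added example: resolve_page(), the 'page' parameter and pages/*.php are hypothetical names.

// Vulnerable pattern the text describes: the request parameter flows
// straight into include, so the caller controls the path.
//   include $_GET['page'];

// Hardened form: the request value is only a lookup key. Every path that
// can ever reach include is hardcoded on the server side.
const PAGES = [
    'home'    => __DIR__ . '/pages/home.php',
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function resolve_page(mixed $requested): ?string
{
    // Reject arrays (?page[]=x) and anything that is not an exact whitelist key.
    // No sanitising or stripping is attempted: a value either matches or fails.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return PAGES[$requested];
}

// Constructed inputs: two valid keys followed by values that must be rejected.
$samples = ['home', 'about', '../outside.php', 'home.php', '', ['home']];
foreach ($samples as $input) {
    $path = resolve_page($input);
    printf(
        "%-20s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $path ?? 'rejected (404)'
    );
}

// In a request handler the same function gates the include:
//   $path = resolve_page($_GET['page'] ?? 'home');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Because the user-supplied value is never concatenated into a path, path traversal characters have nothing to act on; they simply fail the key lookup.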



