What is remote file inclusion?

Remote file inclusion (RFI) is a web vulnerability that lets a malicious hacker force the application to include arbitrary code files imported from another location, for example, a server controlled by the attacker.

<?PHP 
  $module = $_GET["module"];
  include $module;
?>
http://example.com/index.php?module=http://server2.example.com/welcome.php