Malicious file execution vulnerabilities are found in many applications. Developers will often directly use or
concatenate potentially hostile input with file or stream functions, or improperly trust input files.
On many platforms, frameworks allow the use of external object references, such as URLs or file system references.
When the data is insufficiently checked, this can lead to arbitrary remote and hostile content being included,
processed or invoked by the Web server.
This is one of the flaws under the category of Injection, in the OWASP Top Ten.