LFI stands for "Local File Inclusion." It refers to a type of vulnerability in web applications that allows an attacker to include or read files on the server. LFI vulnerabilities occur when an application accepts user input without properly sanitizing or validating it and uses that input to retrieve files from the local file system. 

RFI typically occurs in web applications that dynamically include files based on user input, such as a file parameter in a URL. If the application does not validate or sanitize this input properly, an attacker can manipulate the file parameter to include a file hosted on a remote server that they control.