An attacker exploits a weakness in input validation on the target to force
						arbitrary code to be retrieved from a remote location and executed. This
						differs from script injection in that script injection involves the direct
						inclusion of scripting code while code inclusion involves the addition or
						replacement of a reference to a code file, which is subsequently loaded by
						the target and used as part of the code of some application. One example of
						this sort of attack is PHP file include attacks where the parameter of an
						include() function is set by a variable that an attacker is able to control.
						The result is that arbitrary code could be loaded into the PHP application
						and executed.