Log poisoning combines LFI with code injection — injecting malicious code into server logs (via User-Agent, etc.), then using LFI to include the log file, executing the injected code.
Log poisoning turns an LFI vulnerability into RCE. Defense: input sanitization (prevent code injection into logs), disable dynamic file includes (prevent LFI), separate log file permissions from web content.