If the included file is writable by the PHP user then I would say that poses a reasonably high security risk; potential privesc, information disclosure, RCE. Of course an attacker would need the ability to manipulate local files as the PHP user, but that isn't much of a stretch.
Under a typical install, e.g. Debian, Ubuntu, etc, nginx parses the configuration files as root thus any exploit of the config parser gains full root access as the nginx master process doesn't drop caps.
Depending on where the include line is placed it may be possible for an attacker to create server blocks allowing them to execute arbitrary PHP by permitting PHP execution from a directory with PHP write access, e.g. `wp-upload`. Assisting exfiltration of data by allowing easy remote access to the filesystem. Possibly proxy all traffic through an attacker controlled script or host. Exposing local services to the outside world.
I'm sure there's plenty of other interesting little attacks possible if given enough time to play around with it.
If at all possible I would avoid permitting unprivileged r|w access to nginx configuration files.
Under a typical install, e.g. Debian, Ubuntu, etc, nginx parses the configuration files as root thus any exploit of the config parser gains full root access as the nginx master process doesn't drop caps.
Depending on where the include line is placed it may be possible for an attacker to create server blocks allowing them to execute arbitrary PHP by permitting PHP execution from a directory with PHP write access, e.g. `wp-upload`. Assisting exfiltration of data by allowing easy remote access to the filesystem. Possibly proxy all traffic through an attacker controlled script or host. Exposing local services to the outside world.
I'm sure there's plenty of other interesting little attacks possible if given enough time to play around with it.
If at all possible I would avoid permitting unprivileged r|w access to nginx configuration files.