I think it's about Directory Traversar.

Directory Traversal - the essence of the attack is to obtain illegitimate access to the necessary file on the server, using security system errors and by replacing the path to the file
www.itsec.ru/articles2/Oborandteh/sovremennye-ugro...
The simplest example: there is some function to which the user passes a file name, and that function returns to the user a file with that name from a certain folder. If the file name is not checked in the function, then you can write something like this: "../some-file.txt", thus we will get the file located in the folder one level up.

Like 0 comments

An example from life .... a certain site A, has a hole through which you can easily download a single-file file manager, access it through the browser, and voila, all the files of the site are in our palm, but in addition to the site, we have access to those sites which are located nearby, as well as access to the entire hard drive of the server. Therefore, at a minimum, you need to organize sites on your hosting in such a way that the user under which the web server is running cannot go beyond the directory allotted to him