A file path traversal attack (also known as directory traversal) is a web security vulnerability that allows an attacker to access files and directories that are stored outside the web root folder. These files might include application code and data, credentials for back-end systems, and sensitive operating system files.
Attackers achieve a file path traversal attack by tricking either the web server, or the web application running on the server, into returning files that exist outside of the web root folder.