Path Traversal
A path traversal vulnerability allows an attacker to access files on your web server to which they should not have access. They do this by tricking either the web server or the web application running on it into returning files that exist outside of the web root folder.
This is usually achieved with the "dot dot slash" sequence (`../`, or `..\` with a backslash on Windows), a feature common to all modern file systems. When `..` appears in a file path, the file system moves up to the parent directory. For instance, on a Unix/Linux system, both /etc/passwd and /bin/../etc/passwd point to the same file.
Mitigation Strategies
- Use SQL databases for storage instead of the file system, so that no path name is constructed from user input.
- Use an allow list of safe characters for the file name, for example the regex [A-Za-z0-9], and reject anything that does not match.
- Take into account that file-related system calls behave differently across languages and platforms (for example, Windows accepts both `/` and `\` as separators).
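As an added example (not code from the original page), the naive path join beside a hardened version that applies the allow-list check and, as a second layer, verifies that the resolved path is still inside the web root. The web root location and the optional file extension in the pattern are assumptions made for this example.

```python
import os
import re
from typing import Optional

# Assumed web root for the example; a real application would read it from config.
WEB_ROOT = "/var/www/html"

# Allow list: alphanumeric name with an optional alphanumeric extension
# (the optional extension is an assumption beyond the page's [A-Za-z0-9]).
# Because "." and both separators "/" and "\" are rejected outright, neither
# ../ nor ..\ can reach the join step, regardless of platform.
SAFE_NAME = re.compile(r"^[A-Za-z0-9]+(\.[A-Za-z0-9]+)?$")


def vulnerable_resolve(user_path: str) -> str:
    """Naive join: a name containing '../' walks out of the web root."""
    return os.path.normpath(os.path.join(WEB_ROOT, user_path))


def is_within_root(root: str, candidate: str) -> bool:
    """Containment check: True only if candidate is root or below it.

    commonpath is used instead of startswith so that a sibling such as
    /var/www/htmlx is not mistaken for a child of /var/www/html.
    """
    root = os.path.normpath(root)
    candidate = os.path.normpath(candidate)
    return os.path.commonpath([root, candidate]) == root


def hardened_resolve(user_path: str) -> Optional[str]:
    """Return the resolved path, or None when the request must be rejected."""
    # Layer 1: allow list on the raw user input (the page's second mitigation).
    if not SAFE_NAME.fullmatch(user_path):
        return None
    resolved = os.path.normpath(os.path.join(WEB_ROOT, user_path))
    # Layer 2: defence in depth, in case the allow list is ever relaxed.
    if not is_within_root(WEB_ROOT, resolved):
        return None
    return resolved


if __name__ == "__main__":
    for name in ["index.html", "../../../etc/passwd", "..\\..\\win.ini"]:
        print(f"{name!r}: naive={vulnerable_resolve(name)} "
              f"hardened={hardened_resolve(name)}")
```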