Similar APIs designed to upload files from authenticated users did not properly sanitize their destination input, allowing directory traversal attacks which could eventually allow an authenticated attacker to execute code on the controller. So, directory traversal, actually allowing an unauthenticated attacker to execute code or store code on the controller. So…