What type of vulnerability allows an attacker to manipulate filenames to access unauthorized files on a server?

The type of vulnerability that allows an attacker to manipulate filenames to access unauthorized files on a server is known as directory traversal. This vulnerability occurs when an attacker exploits a web application's lack of proper input validation, enabling them to navigate outside the intended file system directory. By crafting specific sequences of characters (such as "../"), an attacker can trick the application into accessing files and directories that are stored outside of the designated directory. This can lead to exposure of sensitive files, such as configuration files, passwords, or any other data that should not be publicly accessible.

Directory traversal attacks exemplify the need for stringent security measures around file access and proper validation of user input to ensure that only the intended files are accessible by web applications, safeguarding sensitive information from unauthorized access.