A vulnerability occurs when an application takes user input—like a template name—and plugs it directly into a file system API without proper sanitization.
A good WAF will automatically detect and block patterns like ..-2F or ../ in URL parameters. Conclusion -template-..-2F..-2F..-2F..-2Froot-2F
: By repeating ..-2F multiple times, the attacker is attempting to "climb" out of the intended folder (the web root) and reach the base operating system folders. A vulnerability occurs when an application takes user
Run your web application with the lowest possible privileges. The "web user" should never have permission to read the /root/ or /etc/ directories. -template-..-2F..-2F..-2F..-2Froot-2F