Many vulnerbilities involving files and file operations rely on a program assuming anticipating that a file resides in a certain directory and then manipulating those directories the file system in a way that makes that program access a different file than the intended.