Similar to a CGI or directory scanning attack, but generally performed on local file-system on the web-server. An elevated risk of this exists for shared hosting web hosting providers.