The correct answer is B, Path traversal. A file download feature that accepts a user-controlled path is vulnerable when the application does not properly validate, normalize, or restrict the requested file location. In CEH web application and web server attack concepts, directory or path traversal allows an attacker to access restricted directories outside the intended web root by using sequences such as ../, encoded characters, or manipulated URL/path values. CEH material describes directory traversal as an attack where the attacker attempts to access restricted directories and execute commands outside intended web server directories, also known as dot-dot-slash, directory climbing, or backtracking. CEH web server material also states that attackers may use dots and slash sequences to access directories outside the root directory and reveal sensitive system information. SQLi targets database queries, XSS injects scripts, and CSRF abuses authenticated browser requests. Here, the vulnerable input is a file path, so the attack is path traversal.
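The missing validation described above can be shown as a download path resolver. This is an added example, not part of the original answer: the function names, directory layout and sample requests are constructed for illustration. It puts the unchecked join beside a version that decodes, normalizes and confines the path to the download directory.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

def naive_resolve(base_dir: str, requested: str) -> str:
    """Vulnerable pattern: user input is joined onto the base with no checks."""
    return os.path.normpath(os.path.join(base_dir, requested))

def safe_resolve(base_dir: str, requested: str) -> Path:
    """Return a regular file inside base_dir, or raise ValueError."""
    base = Path(base_dir).resolve()
    # Decode once; if a second decode still changes the value, refuse it.
    decoded = unquote(requested)
    if unquote(decoded) != decoded:
        raise ValueError("double-encoded path rejected")
    if "\x00" in decoded:
        raise ValueError("NUL byte rejected")
    # resolve() collapses ../ and follows symlinks, so the containment
    # check below runs on the real location, not on the raw string.
    candidate = (base / decoded.replace("\\", "/")).resolve()
    if base not in candidate.parents:
        raise ValueError("path escapes download directory")
    if not candidate.is_file():
        raise ValueError("not a regular file")
    return candidate

def demo() -> dict:
    # Constructed sample tree and requests, for illustration only.
    with tempfile.TemporaryDirectory() as root:
        downloads = Path(root, "downloads")
        downloads.mkdir()
        (downloads / "report.pdf").write_text("public")
        Path(root, "secret.txt").write_text("private")
        requests = ["report.pdf", "../secret.txt", "%2e%2e%2fsecret.txt",
                    "..%252fsecret.txt", "/etc/passwd"]
        results = {}
        for req in requests:
            try:
                safe_resolve(str(downloads), req)
                results[req] = "allowed"
            except ValueError as exc:
                results[req] = f"blocked: {exc}"
        return results

if __name__ == "__main__":
    print(demo())
```

Only `report.pdf` is served; every other request is refused before any file is opened.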