diff --git a/src/pentesting-web/file-upload/README.md b/src/pentesting-web/file-upload/README.md index f32a28225..ae1a90b75 100644 --- a/src/pentesting-web/file-upload/README.md +++ b/src/pentesting-web/file-upload/README.md @@ -212,7 +212,7 @@ Note that **another option** you may be thinking of to bypass this check is to m ## From File upload to other vulnerabilities -- Set **filename** to `../../../tmp/lol.png` and try to achieve a **path traversal` +- Set **filename** to `../../../tmp/lol.png` and try to achieve a **path traversal** - Set **filename** to `sleep(10)-- -.jpg` and you may be able to achieve a **SQL injection** - Set **filename** to `` to achieve a XSS - Set **filename** to `; sleep 10;` to test some command injection (more [command injections tricks here](../command-injection.md))
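Review bot: The unchanged context bullet two lines below the fix, "Set **filename** to `` to achieve a XSS", has an empty inline code span as shown here, so the bullet names no filename value at all. Since this commit is already cleaning up markup in this list, confirm whether the value is missing in the source file and either restore the intended example or reword the bullet so it does not depend on one. In the same pass, "a XSS" should read "an XSS", and "command injections tricks" in the last bullet should read "command injection tricks". The `**path traversal**` change itself is correct: the old line ended the bold span with a backtick, which left the bold unterminated. Only this one hunk is visible, so it is worth searching the rest of the README for other unbalanced `**` markers before merging.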