Directory traversal attacks let miscreants access directories other than those needed by a web server. And once they're in those directories, it's party time because they can insert their own code and tell the web server to execute it.
* Reads it again... no, still wrong.
Directory traversal typically means read-only access. You need something very different to be broken or misconfigured before exteranl users can connect and upload arbitrary files which they can then execute. (If it's properly set up, the attacker can only execute code as the 'nobody' or 'apache' user, or similar restricted access / unprivileged account. Preferably in a chroot, jail, or similar segregated fake environment.