Description
An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/danpros/htmly/issues/412
Scores
CVSS v3
6.5
EPSS
0.0152
EPSS Percentile
81.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
htmly/htmly
2.7.5
Published
May 21, 2021
Tracked Since
Feb 18, 2026