CVE-2020-23766

Published May 21st, 2021

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

5.5

MEDIUM

Affected

PROJECT

Description

An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges.

danpros/htmly

Simple and fast databaseless PHP blogging platform, and Flat-File CMS

GitHub

1.34K