An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23766
Reference (s):
- https://github.com/danpros/htmly/issues/412