CVE-2020-23766

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-23766

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-23766.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-23766

Published

2021-05-21T18:15:07.923Z

Modified

2025-11-14T10:58:32.479138Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges.

References

https://github.com/danpros/htmly/issues/412

Affected packages

Git / github.com/danpros/htmly

Affected ranges

Type: GIT
Repo: https://github.com/danpros/htmly
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b1611d8c388553ef3cb36c9ae47116c7b7212ba8

Affected versions

v1.*

v1.0

v1.1

v1.5

v1.6

v1.7

v1.8

v1.9

v2.*

v2.0

v2.1

v2.2

v2.3

v2.4

v2.4.1

v2.5

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7.0

v2.7.1

v2.7.2

v2.7.3

v2.7.4

v2.7.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-23766.json"