CVE-2018-10867: redhat-certification: /uploads/results page allows to remove files

Severity: Critical

CVSS Score: 9.1

Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.