LokiCMS is prone to a vulnerability that allows attackers to delete arbitrary files because it fails to properly sanitize user-supplied input.

An attacker can delete arbitrary files within the context of the webserver process when exploiting this vulnerability.

LokiCMS 0.3.3 is vulnerable; other versions possible affected as well.