By usgin hcp:// URL it's possible to remove file sustem objects.
vulners.com/securityvulns/securityvulns:doc:3370
vulners.com/securityvulns/securityvulns:doc:3649