LuckyFrameWeb v3.5.2 exists to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method.