bt_lnmp is a piaoyunsoft personal developer of a pagoda panel-based LNMP environment. bt_lnmp suffers from a path traversal vulnerability that stems from the failure of the Flask send_file function to properly filter special elements in a resource or file path, which can be exploited by attackers to access arbitrary files and directories stored on the file system.