ZrLog is a blogging system developed using the Java language. A directory traversal vulnerability exists in ZrLog version 2.1.15, which stems from a lack of validity checking of paths in the admin.api.TemplateController deletion function when processing directory requests, and can be exploited by a remote attacker to delete arbitrary files and cause a denial of service (DoS).