It has been discovered that redhat-certification does not restrict file access in the /update/results page. A remote attacker could use this vulnerability to remove any file accessible by the user which is running httpd.
If SELinux is enabled, it will restrict the number of files accessible by the httpd process.