Hi! I’m the original reporter. The description of this vulnerability is wrong – you can create a file in root directory with arbitrary name & contents, not delete it.
@__ed As for the versions affected – all of them since circa 2008, the error was introduced in the source code then.