YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.
mitre·CWE-668·Published 2018-02-26