CVE-2018-7479

CVE-2018-7479

YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.