YzmCMS 3.6 allows remote malicious users to discover the full path via a direct request to application/install/templates/s1.php.
yzmcms yzmcms 3.6