A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload.

This vulnerability was named CVE-2024-0648. The attack can be initiated remotely. Furthermore, there is an exploit available.