Post
Topic
Board Pools (Altcoins)
Re: Multiple YiiMP pools hacked, this is what we know so far..
by
MajedPro
on 09/09/2017, 15:08:19 UTC
I've installed YiiMP on a local server using [nginx - PHP 7.1 - MariaDB].

Ran a quick scan and found many vulnerabilities, which could allow an attacker to upload files to the server.

Cross Site Scripting

GET /?address="%20src=-->">'>'"
GET /explorer/graph?id=/./
GET /site/./
GET /site/block_results?id=/./
GET /stats/./

HTTP PUT File Upload
PUT /PUT-putfile
"The HTTP PUT method was designed to allow HTTP clients to store resources on a HTTP server"
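
Added example, not part of the original post and not YiiMP code: a triage pass over nginx access-log lines that labels the request shapes listed above (markup in the URL, `/./` segments, PUT) and separates writes the server refused from writes it accepted. It assumes nginx's default "combined" log format; the sample lines, addresses and status codes are constructed.

```python
import re
from urllib.parse import unquote

# nginx "combined" format: addr - user [time] "METHOD target proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')
WRITE_METHODS = {"PUT", "DELETE", "PATCH", "MKCOL", "MOVE", "COPY"}
MARKUP = re.compile(r"[<>\"']")


def decode_target(raw):
    """Undo nginx's \\xHH log escaping, then percent-decoding."""
    raw = re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return unquote(raw)


def triage(line):
    """Return (client, method, status, labels), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, method, status = m.group(1), m.group(2), int(m.group(4))
    target = decode_target(m.group(3))
    labels = []
    if method in WRITE_METHODS:
        # 2xx: the server reported success for the write; anything else: refused.
        labels.append("write-accepted" if 200 <= status < 300 else "write-refused")
    if MARKUP.search(target):
        labels.append("markup-in-url")
    if "/./" in target:
        labels.append("dot-segment")
    return client, method, status, labels


# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = r"""
192.0.2.10 - - [09/Sep/2017:15:01:02 +0000] "GET /?address=\x22%20src=-->\x22>'>'\x22 HTTP/1.1" 200 5120 "-" "scanner"
192.0.2.10 - - [09/Sep/2017:15:01:03 +0000] "GET /explorer/graph?id=/./ HTTP/1.1" 200 812 "-" "scanner"
192.0.2.10 - - [09/Sep/2017:15:01:04 +0000] "PUT /PUT-putfile HTTP/1.1" 405 166 "-" "scanner"
198.51.100.7 - - [09/Sep/2017:15:02:00 +0000] "PUT /PUT-putfile HTTP/1.1" 201 0 "-" "scanner"
203.0.113.5 - - [09/Sep/2017:15:03:00 +0000] "GET / HTTP/1.1" 200 9000 "-" "browser"
""".strip().splitlines()

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```

Only a `write-accepted` line shows that a PUT actually succeeded on the server; a `write-refused` line shows the method was tried and rejected.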