Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerConfig.php, which can be exploited via the addqq() method.