PT-2024-39294 · Xiaohe4966 · Tpmecms

Published: 2024-09-15 · Updated: 2024-09-20 · CVE-2024-8876

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: xiaohe4966 TpMeCMS versions 1.3.3.1 and earlier
Description: A problematic issue has been found in xiaohe4966 TpMeCMS, affecting some unknown functionality of the file "/index/ajax/lang". The manipulation of the lang argument leads to path traversal. The attack may be launched remotely.
Recommendations: For xiaohe4966 TpMeCMS versions 1.3.3.1 and earlier, upgrade to version 1.3.3.2 to address this issue. As a temporary workaround, consider restricting access to the "/index/ajax/lang" file until the upgrade is applied. Avoid manipulating the lang argument in the affected file to minimize the risk of exploitation.
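
While the upgrade is pending, web server access logs can be reviewed for requests to "/index/ajax/lang" whose lang value contains path syntax. The following is an added example, not code from the advisory or from TpMeCMS; it assumes the lang argument is sent in the query string, that legitimate values are plain locale names such as zh-cn, and that logs use the common combined format. The log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/index/ajax/lang"  # path named in the advisory
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True when a lang value carries path syntax instead of a plain locale name (assumption)."""
    v = fully_decode(value).replace("\\", "/")
    return ".." in v or "/" in v or "\x00" in v

def find_lang_traversal(log_lines):
    """Return (client, status, decoded lang) for suspicious requests to ENDPOINT."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.rstrip("/").lower().endswith(ENDPOINT):
            continue
        # parse_qs decodes once; fully_decode handles any further encoding layers.
        for value in parse_qs(url.query, keep_blank_values=True).get("lang", []):
            if is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [16/Sep/2024:10:01:02 +0000] "GET /index/ajax/lang?lang=zh-cn HTTP/1.1" 200 512',
    '203.0.113.44 - - [16/Sep/2024:10:02:10 +0000] "GET /index/ajax/lang?lang=..%2f..%2fEXAMPLE HTTP/1.1" 200 2048',
    '203.0.113.44 - - [16/Sep/2024:10:02:11 +0000] "GET /index/ajax/lang?lang=%252e%252e%255cEXAMPLE HTTP/1.1" 404 0',
    '198.51.100.7 - - [16/Sep/2024:10:03:00 +0000] "GET /index/news?lang=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, status, lang in find_lang_traversal(SAMPLE_LOG):
        print(f"{client} status={status} lang={lang!r}")
```

Hits that returned status 200 deserve review first, since the server answered the request rather than rejecting it.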

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2024-8876

Affected Products: Tpmecms