CVE-2024-8876
TpMeCMS (xiaohe4966) vulnerable up to version 1.3.3.1 due to path traversal in the /index/ajax/lang handler when the lang parameter is manipulated. The issue can be exploited remotely and has been publicly disclosed. The recommended fix is upgrading to TpMeCMS 1.3.3.2; as a temporary measure, res...