CVE-2024-8876

Summary

CVE-2024-8876 is a vulnerability affecting TpMeCMS versions up to 1.3.3.1, specifically impacting the functionality associated with the file /index/ajax/lang. This flaw allows for path traversal through manipulation of the 'lang' argument, enabling remote exploitation. Given its low attack complexity and high confidentiality impact, this vulnerability poses significant risks to organizations using affected products such as yomgYL and yoK7Ak. To mitigate this threat, it is crucial for users to upgrade to version 1.3.3.2 or later promptly. The exploit has been publicly disclosed, increasing the urgency for remediation efforts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.