CVE-2024-57727

High KEV CVSS: 7.5

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

Vendor

Simple-help

Product

Simplehelp

CWE

CWE-22

Yayın Tarihi

2025-01-15 23:15:09

Güncelleme

2025-11-04 16:37:57

Source Identifier

cve@mitre.org

KEV Date Added

2025-02-13

Kategoriler

CWE-22 Simplehelp HIGH Simple-help 2025

Referanslar

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57727

Benzer Kayıtlar

High

CVE-2025-36727

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: befo…

Medium

CVE-2025-36728

Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.

Critical

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to creat…

High

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file s…