CVE-2024-57728

High CVSS: 7.2

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

Vendor

Simple-help

Product

Simplehelp

CWE

CWE-59

Yayın Tarihi

2025-01-15 23:15:09

Güncelleme

2025-01-31 21:15:12

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-59 Simplehelp HIGH Simple-help 2025

Referanslar

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/

Benzer Kayıtlar

High

CVE-2025-36727

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: befo…

Medium

CVE-2025-36728

Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.

Critical

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to creat…

High

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enabl…