Exposures › CVE-2024-57728
SimpleHelp's SimpleHelp product allows admin users to execute arbitrary code via a zip-slip path traversal vulnerability.
This critical vulnerability enables remote code execution for admin users by allowing the upload of crafted zip files to arbitrary paths on the file system. DIB organizations must ensure SimpleHelp is patched immediately to prevent ransomware exploitation and unauthorized code execution on their infrastructure.
Shame score — A critical RCE vulnerability linked to ransomware that allows arbitrary file system manipulation via zip-slip exploits.
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
No correlated FedRAMP products.