COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-57728

CVE-2024-57728

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-24
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-57728
⚡ RCE ⌖ exploited in the wild shame 85/100 ransomwarerceexploited-in-wildunpatched

SimpleHelp's SimpleHelp product allows admin users to execute arbitrary code via a zip-slip path traversal vulnerability.

This critical vulnerability enables remote code execution for admin users by allowing the upload of crafted zip files to arbitrary paths on the file system. DIB organizations must ensure SimpleHelp is patched immediately to prevent ransomware exploitation and unauthorized code execution on their infrastructure.

Shame score — A critical RCE vulnerability linked to ransomware that allows arbitrary file system manipulation via zip-slip exploits.

Players implicated

SimpleHelp · vendorSimpleHelp · product

Description

SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.