Arbitrary File Upload Vulnerability in SimpleHelp Remote Support Software
CVE-2024-57728

7.2 HIGH

Key Information:

Vendor: SimpleHelp
CVE Published: 15 January 2025

Badges

💰 Ransomware | 👾 Exploit Exists | 📰 News Worthy

Summary

SimpleHelp Remote Support Software versions 5.5.7 and earlier are susceptible to an arbitrary file upload vulnerability. Admin users can upload specially crafted zip files that exploit a flaw known as 'zip slip'. By leveraging this vulnerability, malicious actors can potentially upload arbitrary files to any directory on the file system, leading to unauthorized code execution in the context of the server user. This is a serious security risk for businesses relying on this software. Users are advised to update to the latest version to mitigate the threat.

News Articles

SimpleHelp Remote Support Software Vulnerability Let Attackers Execute Remote Code

Researchers have disclosed three critical vulnerabilities in SimpleHelp, a widely used remote support software, that could allow attackers to compromise servers and client machines.

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved
