PT-2025-1274 · Unknown · Simplehelp

Published: 2025-01-15 · Updated: 2026-04-24 · CVE-2024-57728

CVSS v2.0: 9.0 (High), AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SimpleHelp remote support software versions 5.5.7 and before

Description

The issue allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file, also known as a zip slip. This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

Recommendations

For SimpleHelp remote support software versions 5.5.7 and before, consider disabling the file upload feature for admin users until a patch is available to prevent arbitrary code execution. Restrict access to sensitive areas of the file system to minimize the risk of exploitation. Avoid using the zip file upload feature in the affected software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
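
The zip slip class described above is stopped by resolving every archive entry against the destination directory before anything is written. The following is an added example, not SimpleHelp code and not part of the original advisory; the function names and the sample archive are constructed for illustration, and it assumes a POSIX host.

```python
import io
import os
import stat
import tempfile
import zipfile


def unsafe_entries(archive, dest_dir):
    """Return names of entries that would land outside dest_dir or are symlinks."""
    root = os.path.realpath(dest_dir)
    flagged = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Some extractors treat backslashes as separators, so normalise them.
            name = info.filename.replace("\\", "/")
            # join() discards root when name is absolute; the check below catches that.
            target = os.path.realpath(os.path.join(root, name))
            escapes = os.path.commonpath([root, target]) != root
            # The Unix mode sits in the high 16 bits; a symlink can redirect later writes.
            is_link = stat.S_ISLNK(info.external_attr >> 16)
            if escapes or is_link:
                flagged.append(info.filename)
    return flagged


def safe_extract(archive, dest_dir):
    """Extract only if every entry stays inside dest_dir; otherwise reject the archive."""
    bad = unsafe_entries(archive, dest_dir)
    if bad:
        raise ValueError("archive rejected, unsafe entries: %r" % bad)
    with zipfile.ZipFile(archive) as zf:
        zf.extractall(dest_dir)


def build_sample():
    """Constructed test archive: one benign entry and four that must be rejected."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ok")
        zf.writestr("../../outside.txt", "x")
        zf.writestr("/etc/absolute.txt", "x")
        zf.writestr("..\\..\\backslash.txt", "x")
        link = zipfile.ZipInfo("docs/link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/etc")
    return buf


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        print(unsafe_entries(build_sample(), dest))
```

Rejecting the whole archive on the first unsafe entry, rather than skipping that entry, also leaves a clear event to log and alert on when an upload is refused.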

RCE

Link Following

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-00726
CVE-2024-57728

Affected Products

Simplehelp