CVE-2024-57728

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-59
View all →

Vulnerability Description

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

Related Vulnerabilities

CVE-2025-23010

HIGH
CVSS:7.2(High)

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.

CWE-592025

CVE-2019-1317

HIGH
CVSS:7.3(High)

A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.

CWE-592019

CVE-2022-27883

HIGH
CVSS:7.3(High)

A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an ...

CWE-592022

CVE-2022-38604

HIGH
CVSS:7.3(High)

Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.

CWE-592022

CVE-2022-40143

HIGH
CVSS:7.3(High)

A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could a...

CWE-592022