CVE-2024-57727

CVSS 9.1 CRITICAL · EPSS 95.2% · KEV · CWE-22

In short

SimpleHelp remote support software versions 5.5.7 and earlier allow anyone on the internet to download any file from the server without logging in, including secret passwords and configuration files that should be protected.

Technical detail

Path traversal vulnerability (CWE-22) in SimpleHelp ≤5.5.7 permits unauthenticated attackers to craft malicious HTTP requests that bypass directory restrictions and retrieve arbitrary files from the host filesystem. The vulnerability exposes sensitive data including server configuration files and hashed credentials with no authentication requirement.

Summary generated and translated by AI from the official description.

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
n/a · n/a