Vendor

SimpleHelp

2 briefs RSS

SimpleHelp Missing Authorization Vulnerability Leads to Privilege Escalation

A missing authorization vulnerability in SimpleHelp (CVE-2024-57726) allows low-privileged technicians to create API keys with excessive permissions, potentially escalating privileges to the server admin role.

SimpleHelp privilege-escalation missing-authorization cloud

2r 1t 1c Jun 25, 2024

critical advisory

SimpleHelp Path Traversal Vulnerability (CVE-2024-57728)

2 rules 3 TTPs 1 CVE

CVE-2024-57728 is a path traversal vulnerability in SimpleHelp that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file, potentially leading to arbitrary code execution.

SimpleHelp cve-2024-57728 path-traversal zip-slip

2r 3t 1c Jun 25, 2024