CVE-2024-57728: SimpleHelp Path Traversal Vulnerability. SimpleHelp
SimpleHelp Path Traversal Vulnerability. SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
- CISA KEV-listed (remediation due 2026-05-08)
- used in ransomware campaigns
- EPSS 54.1% (98.1% percentile)