Description

SimpleHelp has a path traversal vulnerability. This flaw arises from insufficient validation of user-supplied input, allowing unauthenticated attackers to craft HTTP requests that traverse directories and access arbitrary files on the server. Exploitation of this vulnerability can lead to unauthorized exposure of sensitive information, including server configuration files and hashed user passwords, potentially compromising the the system.

Remediation

Upgrade to the latest version of SimpleHelp.

References

SimpleHelp Security Vulnerabilities Advisory

Horizon3.ai Analysis of SimpleHelp Vulnerabilities

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3528)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4441)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1861)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1901)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3529)

Severity

High

Classification

CVE-2024-57727 CVE-2024-57726 CVE-2024-57728 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Information Disclosure Known Vulnerabilities