Description

SimpleHelp has a path traversal vulnerability. This flaw arises from insufficient validation of user-supplied input, allowing unauthenticated attackers to craft HTTP requests that traverse directories and access arbitrary files on the server. Exploitation of this vulnerability can lead to unauthorized exposure of sensitive information, including server configuration files and hashed user passwords, potentially compromising the the system.

Remediation

Upgrade to the latest version of SimpleHelp.

References

SimpleHelp Security Vulnerabilities Advisory

Horizon3.ai Analysis of SimpleHelp Vulnerabilities

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18098)

Joomla Other Vulnerability (CVE-2006-6833)

Osclass Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-8084)

Chamilo Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2023-34960)

TYPO3 Improper Input Validation Vulnerability (CVE-2010-3716)

Severity

High

Classification

CVE-2024-57727 CVE-2024-57726 CVE-2024-57728 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Information Disclosure Known Vulnerabilities