漏洞描述
SimpleHelp 是一款远程支持和远程桌面管理软件,广泛应用于企业和 IT 服务提供商。该漏洞允许攻击者通过构造特定的路径遍历请求,未经授权地读取服务器上的任意文件,可能导致敏感信息泄露、数据篡改以及其他严重的安全问题。
SimpleHelp远程管理软件 /toolbox-resource 文件读取漏洞(CVE-2024-57727)
PoC代码
暂无相关漏洞推荐
- 微力同步Verysync resources 任意文件读取漏洞
- 微力同步-VeriSync resources 任意文件读取漏洞
- HJSoft HCM Human Resources Management System /selfservice/lawresource/downlawbase SQL 注入漏洞(CVE-2025-10197)
- POC CVE-2024-57727: SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal
- POC eks-aws-managed-iam-policy: Use AWS-managed policy to manage AWS resources
- POC azure-iam-role-resource-lock-unassigned: Azure IAM Role for Resource Locking Not Assigned
- POC azure-apim-resource-logs-not-configured: Azure API Management Service Resource Logs Not Configured
- POC azure-keyvault-resource-lock-check: Azure KeyVault Resource Lock Not Enabled
- POC gcloud-org-resource-locations: Resource Location Restrictions Not Configured
- POC skimresources-r-csp-bypass: Content-Security-Policy Bypass - SkimResources R
- POC zheda-ente-customer-resource-management-system-fileupload: 浙大恩特客户资源管理系统任意文件上传
- POC kubernetes-resource-report: Detect Overview Kubernetes Resource Report
- POC liferay-resource-leak: Liferay - Local File Inclusion