Vendor coverage
Track published CVEs, severity trends, and remediation context for simple-help products.
Search results
Showing 1-5 of 5 vulnerabilities.
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11.
CVSS: 6.3 (MEDIUM) | Published: Jul 25, 2025
Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.12.
CVSS: 8.3 (HIGH) | Published: Jul 25, 2025
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
CVSS: 7.2 (HIGH) | Published: Jan 15, 2025
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
CVSS: 7.5 (HIGH) | Published: Jan 15, 2025
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
CVSS: 9.9 (CRITICAL) | Published: Jan 15, 2025