Simple Help — community ground truth
2 notable / known-exploited Simple Help CVEs the community has triaged.
Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Simple Help CVE, see NVD.
- CVE-2024-57726 | CVSS 9.9 | KEV | EPSS 9%
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
- CVE-2024-57728 | CVSS 7.2 | KEV | EPSS 8%
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.