CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11488

Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.4%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

https://blog.cybrgrade.com/CVE-2019-11488-SimplyBook.me-hash-replay-attack/
https://cybrgrade.com/files/Report_SimplyBookIt_MD5_Hash_Replay_by_CybrGradeUKLtd.pdf
https://blog.cybrgrade.com/CVE-2019-11488-SimplyBook.me-hash-replay-attack/
https://cybrgrade.com/files/Report_SimplyBookIt_MD5_Hash_Replay_by_CybrGradeUKLtd.pdf

Products affected by CVE-2019-11488

Simplybook » Simplybook » Version: Any

cpe:2.3:a:simplybook:simplybook:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11488

Products

Pricing

Contact Us