CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11489

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://blog.cybrgrade.com/CVE-2019-11489-SimplyBook.me-privesc/
https://cybrgrade.com/files/Report_SimplyBookIt_Privesc_by_CybrGradeUKLtd.pdf
https://blog.cybrgrade.com/CVE-2019-11489-SimplyBook.me-privesc/
https://cybrgrade.com/files/Report_SimplyBookIt_Privesc_by_CybrGradeUKLtd.pdf

Products affected by CVE-2019-11489

Simplybook » Simplybook » Version: Any

cpe:2.3:a:simplybook:simplybook:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11489

Products

Pricing

Contact Us