CVE Record: CVE-2019-11489

Required CVE Record Information

Description

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI.

Product Status

Learn more

Information not provided

References 2 Total

https://cybrgrade.com/files/Report_SimplyBookIt_Privesc_by_CybrGradeUKLtd.pdf
external site
https://blog.cybrgrade.com/CVE-2019-11489-SimplyBook.me-privesc/
external site

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

https://cybrgrade.com/files/Report_SimplyBookIt_Privesc_by_CybrGradeUKLtd.pdf
external site
x_transferred
https://blog.cybrgrade.com/CVE-2019-11489-SimplyBook.me-privesc/
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 2 Total

CVE Program

References 2 Total