EUVD-2019-3162

Malware in sbrugna...

EUVD-2019-3161

Malware in sbrugna...

simon888.simplybook.me Cross Site Scripting vulnerability OBB-3354282

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Remote code execution

SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution...

CVE-2019-11887

SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution...

CVE-2019-11887

SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution...

CVE-2019-11887

CVE-2019-11887 affects SimplyBook.me up to 2019-05-11 and stems from insufficient restrictions on file uploads, enabling remote code execution. The entry is supported by NVD entries (CVE-2019-11887) and related records; CVSS v2 base score 7.5 (HIGH) and CVSS v3 base score 9.8 (CRITICAL) reflect n...

CVE-2019-11488

Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser histor...

CVE-2019-11489

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...

Improper access control

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...

CVE-2019-11488

The CVE-2019-11488 entry concerns SimplyBook.me Enterprise prior to 2019-04-23, where an Incorrect Access Control flaw in the Account Access / Password Reset Link could allow unauthorized attackers to read/write Customer or Administrator data via a persistent HTTP GET hash link replay (demonstrat...

CVE-2019-11488

Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser histor...

CVE-2019-11489

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...

CVE-2019-11489

CVE-2019-11489 affects SimplyBook.me Enterprise (older releases) where the Administrative Management Interface enforces incorrect access control. Affected: authenticated low-privilege users; vulnerability allows elevation to full admin rights via a crafted HTTP PUT to a /v2/rest/ endpoint with mo...