Vulnerabilities

CVE-2019-11488

by Fred · 25/04/2019

Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history.

Date published : 2019-04-25

https://blog.cybrgrade.com/CVE-2019-11488-SimplyBook.me-hash-replay-attack/

https://cybrgrade.com/files/Report_SimplyBookIt_MD5_Hash_Replay_by_CybrGradeUKLtd.pdf

Similar

Tags: Cybersecurity Alert