Skip to main content

Simplybook

3 CVEs product

Monthly

CVE-2019-11887 CRITICAL Act Now

SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Simplybook
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-11489 HIGH POC This Week

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simplybook
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-11488 HIGH POC This Week

Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Simplybook
NVD
CVSS 3.0
8.1
EPSS
1.5%
EPSS 2% CVSS 9.8
CRITICAL Act Now

SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Simplybook
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simplybook
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Simplybook
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy