CVE-2019-11488

Name of the Vulnerable Software and Affected Versions SimplyBook.me Enterprise versions prior to 2019-04-23

Description The issue concerns incorrect access control in the account access/password reset link, allowing unauthorized attackers to read or write customer or administrator data. This can be achieved via a persistent HTTP GET request hash link replay. For example, an attacker could exploit a login link from the browser history.

Recommendations For versions prior to 2019-04-23, update to a version released after 2019-04-23 to resolve the issue. As a temporary workaround, consider restricting access to the account access and password reset functionality until the update is applied. Avoid using the password reset link from the browser history to minimize the risk of exploitation.