PT-2019-12331 · Simplybook.Me · Simplybook.Me Enterprise

Published

2019-04-25

·

Updated

2020-08-24

·

CVE-2019-11489

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SimplyBook.me Enterprise, versions prior to 2019-04-23
Description: An authenticated low-privilege user can elevate their privileges to full administrator rights via a crafted HTTP PUT request, as demonstrated by sending modified JSON data to a "/v2/rest/" API endpoint. The pattern described is a missing server-side authorization check on the fields a PUT request may change: the endpoint applies a privilege-bearing value from the request body although the caller is not allowed to set it. The advisory does not state how many installations are affected.
Recommendations: Update SimplyBook.me Enterprise to a version released on or after 2019-04-23. Until the update is applied, restrict access to the "/v2/rest/" API endpoint (for example, allow PUT requests to it only from administrator accounts or trusted networks) and review access logs for PUT requests to that endpoint from non-admin sessions, since a successful escalation is an ordinary request with a 200 response. The fix belongs on the server: the vulnerable field must be rejected or ignored for callers without admin rights, because client-side restrictions on the JSON body do not stop a user from sending a crafted request directly.
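The following is an added example, not SimplyBook.me code: the advisory does not publish the request or the field involved, so the endpoint path, the "role" field, the session layout and the log format are assumptions chosen to illustrate the class of bug the description fits. It shows a PUT handler that copies every JSON key into the user record (so a low-privilege caller can set "role": "admin"), the hardened form that allowlists fields and gates privileged ones on the caller's server-side role, and a log check of the kind the workaround above calls for.

```python
"""Mass-assignment privilege escalation through a REST PUT handler.

Added example; this is not SimplyBook.me code and the advisory does not
publish the request. The endpoint path, the "role" field, the session
layout and the log format are assumptions used to illustrate the pattern
the advisory describes: modified JSON in a PUT to a /v2/rest/ endpoint.
"""
import json
import re


def fresh_users():
    """Constructed in-memory user table (hypothetical field names)."""
    return {
        1: {"id": 1, "email": "alice@example.com", "role": "admin"},
        2: {"id": 2, "email": "bob@example.com", "role": "user"},
    }


# Server-side allowlists (assumed): what a user may edit on their own
# record, and which fields carry privilege and therefore require admin.
SELF_EDITABLE = {"email", "display_name"}
PRIVILEGED = {"role"}


def vulnerable_put_user(users, session, user_id, body):
    """Vulnerable pattern: every JSON key is copied into the stored record.

    The only check is "own record or admin"; nothing stops a low-privilege
    caller from including "role": "admin" in the body.
    """
    if session["user_id"] != user_id and session["role"] != "admin":
        return 403, {"error": "forbidden"}
    record = users[user_id]
    record.update(json.loads(body))  # mass assignment of attacker-chosen keys
    return 200, record


def hardened_put_user(users, session, user_id, body):
    """Hardened form: allowlist the fields and decide privilege from the
    server-side session role, never from anything in the request body."""
    try:
        data = json.loads(body)
    except ValueError:
        return 400, {"error": "invalid json"}
    if not isinstance(data, dict):
        return 400, {"error": "object expected"}
    is_admin = session["role"] == "admin"
    if session["user_id"] != user_id and not is_admin:
        return 403, {"error": "forbidden"}
    unknown = set(data) - SELF_EDITABLE - PRIVILEGED
    if unknown:
        return 400, {"error": "unknown fields", "fields": sorted(unknown)}
    if (set(data) & PRIVILEGED) and not is_admin:
        # Reject rather than silently drop: a dropped field hides probing.
        return 403, {"error": "privileged fields require admin"}
    record = users[user_id]
    record.update(data)
    return 200, record


# Constructed application-log format used only for this example.
LOG_RE = re.compile(
    r"role=(?P<role>\S+) uid=(?P<uid>\d+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"body_keys=(?P<keys>\S*) status=(?P<status>\d+)"
)


def flag_privilege_writes(log_lines):
    """Workaround-side check: PUTs to /v2/rest/ from non-admin sessions
    whose body carried a privileged field. A 200 on such a line is the
    sign that the escalation went through."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        keys = set(filter(None, m["keys"].split(",")))
        if (m["method"] == "PUT" and m["path"].startswith("/v2/rest/")
                and m["role"] != "admin" and keys & PRIVILEGED):
            hits.append((int(m["uid"]), m["path"], int(m["status"])))
    return hits


if __name__ == "__main__":
    low_priv = {"user_id": 2, "role": "user"}
    escalate = json.dumps({"email": "bob@example.com", "role": "admin"})
    print(vulnerable_put_user(fresh_users(), low_priv, 2, escalate))
    print(hardened_put_user(fresh_users(), low_priv, 2, escalate))
```

The hardened handler rejects a privileged field from a non-admin with 403 instead of dropping it, so that probing shows up in the logs as a failure rather than as a quiet success.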

Related Identifiers

CVE-2019-11489

Affected Products

Simplybook.Me Enterprise