High severity8.8NVD Advisory· Published Apr 25, 2019· Updated Jun 17, 2026
CVE-2019-11489
CVE-2019-11489
Description
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2019-04-23
- Range: <2019-04-23
Patches
Vulnerability mechanics
References
2- blog.cybrgrade.com/CVE-2019-11489-SimplyBook.me-privesc/nvdExploitThird Party Advisory
- cybrgrade.com/files/Report_SimplyBookIt_Privesc_by_CybrGradeUKLtd.pdfnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.