Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise prior to 2019-04-23 allows Unauthorized malicious users to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simplybook simplybook |