CVE-2024-6782

This PoC exploits an improper access control vulnerability in Calibre (CVE-2024-6782) to achieve unauthenticated remote code execution via a crafted JSON payload sent to the `/cdb/cmd/list` endpoint. The payload injects Python code that executes arbitrary commands using `subprocess`.

This PoC exploits an unauthenticated remote code execution vulnerability in Calibre's content server (CVE-2024-6782) by injecting a Python payload via the `/cdb/cmd/list` endpoint. The payload executes arbitrary commands using `subprocess.check_output` on both Windows and Unix-like systems.

This exploit leverages a Python-based template injection vulnerability in the target software to achieve remote code execution (RCE). It sends a crafted JSON payload via a POST request to execute arbitrary shell commands on the target system.

This PoC exploits an improper access control vulnerability in Calibre (CVE-2024-6782) to achieve remote code execution via a crafted JSON payload sent to the `/cdb/cmd/list` endpoint. The payload injects Python code to execute system commands (`whoami`) on the target.

This Metasploit module exploits a Python code injection vulnerability in Calibre's Content Server (CVE-2024-6782) by sending a malicious JSON payload to execute arbitrary commands via subprocess calls. It supports both Windows and Linux targets with different payload types.