Description
Unsanitized user input in Calibre <= 7.15.0 allows users with permission to perform full-text searches to achieve SQL injection on the SQLite database.
References (2)
Core References
Exploit, Mitigation, Third Party Advisory
https://starlabs.sg/advisories/24/24-7009/
Scores
CVSS v3: 4.2
EPSS: 0.0842
EPSS Percentile: 92.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-89
Status: published
Products (1)
calibre-ebook/calibre: < 7.15.0
Published: Aug 06, 2024
Tracked Since: Feb 18, 2026