Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 19 Aug 2024 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Calibre-ebook
Calibre-ebook calibre
CPEs cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
Vendors & Products Calibre-ebook
Calibre-ebook calibre

cve-icon MITRE

Status: PUBLISHED

Assigner: STAR_Labs

Published:

Updated: 2024-08-06T13:37:59.031Z

Reserved: 2024-07-23T03:50:21.540Z

Link: CVE-2024-7009

cve-icon Vulnrichment

Updated: 2024-08-06T13:37:48.715Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-06T04:16:47.040

Modified: 2024-08-19T17:18:50.290

Link: CVE-2024-7009

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.