Calibre is a free, open-source, all-in-one eBook reading, management and format-conversion tool from Kovid Goyal, an individual developer in India. Calibre web versions 0.6.0 through 0.6.13 are vulnerable to cross-site request forgery (CSRF), which stems from the software's lack of a cross-site request forgery check. By tricking an authenticated user into clicking a link, an attacker could exploit the vulnerability to create a new user role with administrator privileges and attacker-controlled credentials, allowing them to take over the application.
CPE | Name | Operator | Version |
---|---|---|---|
Calibre Calibre web >=0.6.0, | le | 0.6.13 |
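
The missing check described above, shown as an added example that is not Calibre web's own code: a user-creation handler that trusts the session alone, beside one that also requires a session-bound token. The handler names, session layout and form fields are hypothetical, and the token scheme (an HMAC over the session id) is one common approach assumed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Per-deployment secret; generated here so the example runs stand-alone.
SERVER_KEY = secrets.token_bytes(32)

def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; the app embeds it in forms it renders itself."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def csrf_ok(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison; a missing or empty token is rejected."""
    if not submitted:
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())

def create_user_unchecked(session: dict, form: dict, users: dict) -> int:
    """'Before' form: the session cookie alone authorises the state change."""
    if session.get("role") != "admin":
        return 403
    users[form["name"]] = form["role"]
    return 200

def create_user_checked(session: dict, form: dict, users: dict) -> int:
    """Hardened form: the request must also carry the session-bound token."""
    if session.get("role") != "admin":
        return 403
    if not csrf_ok(session["id"], form.get("csrf_token")):
        return 400
    users[form["name"]] = form["role"]
    return 200

def demo() -> dict:
    # Constructed sample data: an authenticated admin session.
    session = {"id": "sess-constructed-1", "role": "admin"}
    # A cross-site submission rides on the session but cannot read the token.
    cross_site = {"name": "newuser", "role": "admin"}
    # A form rendered by the application itself includes the token.
    same_site = {"name": "colleague", "role": "admin",
                 "csrf_token": issue_csrf_token(session["id"])}
    users_before, users_after = {}, {}
    return {
        "unchecked_cross_site": create_user_unchecked(session, cross_site, users_before),
        "checked_cross_site": create_user_checked(session, cross_site, users_after),
        "checked_same_site": create_user_checked(session, same_site, users_after),
        "users_after": users_after,
    }
```

When verifying a patched deployment, confirm that every state-changing route rejects a request lacking the token, not only the user-creation form.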