Calibre-Web is a Web application for browsing, reading and downloading eBooks from the Calibre database.A SQL injection vulnerability exists in versions prior to Calibre-Web 0.6.18.The vulnerability stems from the application’s lack of validation of externally entered SQL statements, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data.
CPE | Name | Operator | Version |
---|---|---|---|
calibre-web calibre-web | lt | 0.6.18 |