In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
CPE | Name | Operator | Version |
---|---|---|---|
calibre-web | eq | 0.6.3 | |
calibre-web | eq | 0.6.6 | |
calibre-web | eq | 0.6.7 | |
calibre-web | eq | 0.6.0 | |
calibre-web | eq | 0.6.11 | |
calibre-web | eq | 0.6.4 | |
calibre-web | eq | 0.6.13 | |
calibre-web | eq | 0.6.8 | |
calibre-web | eq | 0.6.10 | |
calibre-web | eq | 0.6.2 |