In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
CPE | Name | Operator | Version |
---|---|---|---|
calibre-web | ge | 0.6.0 | |
calibre-web | le | 0.6.13 |