2 matches found
CVE-2022-0406 Improper Authorization in janeczku/calibre-web
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16...
CVE-2022-0406
CVE-2022-0406 affects janeczku/calibre-web (Calibre-Web) prior to 0.6.16, with an improper authorization flaw in shelf order handling. The root cause cited: shelf.py order_shelf path does not verify user permissions before processing POST data, allowing low-privilege users to edit the sort order ...