3 matches found
CVE-2021-3987
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the createshelf method in shelf.py not verifying if the user has the necessary permissions to create a...
Improper Access Control
calibreweb is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission checks in the createshelf method of shelf.py, allowing users without public shelf permissions to create public shelves...
Privilege Escalation
calibreweb is vulnerable to privilege escalation. The vulnerability exists due to the lack of permission checks in the createeditshelf function of shelf.py, allowing an attacker to create a public shelf without having permission...