calibreweb is vulnerable to sql injection. The vulnerability exists in move_header_elements
function in table.js
entries of user table are visible which allows an attacker to inject malicious sql queries.
CPE | Name | Operator | Version |
---|---|---|---|
calibreweb | eq | 0.6.12 | |
calibreweb | eq | 0.6.12 |