CVE-2024-7009
published 2024-08-06

CVE-2024-7009: Unsanitized user input in Calibre <= 7.15.0 allows users with permission to perform full-text searches to achieve SQL injection on the SQLite database.

Priority: P349
CVSS 3.1: 7.1 (High)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:L / A:N
EPSS: 13.92% (96.1th percentile)

Affected (7 ranges)

Vendor          Product   Version range                                          Fixed in
calibre-ebook   calibre   <= 7.15.0                                              -
calibre         calibre   -                                                      -
calibre         calibre   >= 0, < 5.12.0+dfsg-1+deb11u2                          5.12.0+dfsg-1+deb11u2
calibre         calibre   >= 0, < 6.13.0+repack-2+deb12u4                        6.13.0+repack-2+deb12u4
calibre         calibre   >= 0, < 7.16.0+ds-1                                    7.16.0+ds-1
calibre         calibre   >= 0, < 7.16.0+ds-1                                    7.16.0+ds-1
debian          calibre   < calibre 6.13.0+repack-2+deb12u4 (bookworm)           calibre 6.13.0+repack-2+deb12u4 (bookworm)

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      7.1     HIGH       CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
osv             -         7.1     HIGH       -
vendor_debian   -         4.2     MEDIUM     -