CVE-2024-7009
Published 2024-08-06
CVE-2024-7009: Unsanitized user input in Calibre <= 7.15.0 allows users with permission to perform full-text searches to achieve SQL injection on the SQLite database.
Priority: P3 · 49 · high · CVSS 3.1 base score 7.1
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:L / A:N
EPSS: 13.92% (96.1st percentile)
Unsanitized user input in Calibre <= 7.15.0 allows users with permission to perform full-text searches to achieve SQL injection on the SQLite database. The precondition matters: the attacker must already be an authenticated user who is allowed to run full-text searches, and the result is control over the SQL executed against the library's SQLite database rather than over the search terms alone.
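The CWE-89 pattern this advisory describes, shown as an added illustration that is not Calibre's code: a full-text search over an SQLite FTS5 table where the user's query is spliced into the SQL text, next to the parameterized form. The `books_fts` and `secrets` tables, the sample rows, the `fts5_quote` helper and the payload are all constructed for this demo and say nothing about Calibre's real schema or where its injection point was.

```python
import sqlite3

# Constructed sample corpus for the demo (not Calibre data).
BOOKS = [
    ("Alice's Adventures in Wonderland", "down the rabbit hole after a white rabbit"),
    ("Moby-Dick", "call me Ishmael; the white whale"),
    ("Dracula", "the castle in the Carpathians"),
]


def make_db():
    """In-memory SQLite DB with an FTS5 table holding book text and an
    unrelated table standing in for data a searcher must never read."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE secrets(id INTEGER PRIMARY KEY, token TEXT NOT NULL)")
    conn.execute("INSERT INTO secrets(token) VALUES ('s3cr3t-api-token')")
    conn.execute("CREATE VIRTUAL TABLE books_fts USING fts5(title, body)")
    conn.executemany("INSERT INTO books_fts(title, body) VALUES (?, ?)", BOOKS)
    return conn


def search_vulnerable(conn, user_query):
    """CWE-89: the search string is formatted into the SQL text, so a single
    quote in the input ends the MATCH literal and the remainder runs as SQL."""
    sql = f"SELECT title FROM books_fts WHERE books_fts MATCH '{user_query}'"
    return sorted(row[0] for row in conn.execute(sql))


def fts5_quote(term):
    """Turn arbitrary text into a single FTS5 string literal: wrap it in double
    quotes and double any embedded double quotes (FTS5 query-syntax escaping)."""
    return '"' + term.replace('"', '""') + '"'


def search_fixed(conn, user_query):
    """Bind the query as a parameter, so it can no longer change the SQL
    statement, and quote it for FTS5 so operators such as NEAR, * or column
    filters in the input are searched for as text instead of interpreted."""
    sql = "SELECT title FROM books_fts WHERE books_fts MATCH ?"
    return sorted(row[0] for row in conn.execute(sql, (fts5_quote(user_query),)))


if __name__ == "__main__":
    db = make_db()
    payload = "rabbit' UNION SELECT token FROM secrets --"
    print(search_vulnerable(db, "rabbit"))  # ordinary search
    print(search_vulnerable(db, payload))   # also returns the token from secrets
    print(search_fixed(db, payload))        # searches for the literal phrase; no hit
```

The parameter binding is what closes the injection; `fts5_quote` is a separate design choice that also removes FTS5 query syntax from the user's control, at the cost of boolean operators. If that syntax is wanted, bind the raw string instead and catch `sqlite3.OperationalError` for malformed queries; either way the statement itself is fixed before any user text is seen.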
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| calibre-ebook (upstream) | calibre | <= 7.15.0 | — |
| Debian (bullseye) | calibre | < 5.12.0+dfsg-1+deb11u2 | 5.12.0+dfsg-1+deb11u2 |
| Debian (bookworm) | calibre | < 6.13.0+repack-2+deb12u4 | 6.13.0+repack-2+deb12u4 |
| Debian (trixie, forky, sid) | calibre | < 7.16.0+ds-1 | 7.16.0+ds-1 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (CVSS 3.1) | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
| OSV | 7.1 | HIGH | — |
| Debian (vendor) | 4.2 | MEDIUM | — |

The sources disagree on reach: NVD scores a network attack vector by a low-privileged authenticated user (AV:N/PR:L) with high confidentiality impact, while Debian rates the issue 4.2 and marks its scope as local. Which applies depends on whether search is exposed to other users over the network in a given deployment.
Debian
CVE-2024-7009: calibre - Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perf...
vendor_debian · 2024 · CVSS 4.2 (MEDIUM)
Scope: local
bullseye: resolved (fixed in 5.12.0+dfsg-1+deb11u2)
bookworm: resolved (fixed in 6.13.0+repack-2+deb12u4)
trixie: resolved (fixed in 7.16.0+ds-1)
forky: resolved (fixed in 7.16.0+ds-1)
sid: resolved (fixed in 7.16.0+ds-1)
GHSA
GHSA-mc4x-r58f-6h93: Unsanitized user-input in Calibre <= 7
ghsa_unreviewed · 2024-08-06 · MEDIUM · CWE-89
OSV
CVE-2024-7009: Unsanitized user-input in Calibre <= 7
osv · 2024-08-06 · CVSS 7.1 (HIGH)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-08-06