CVE-2024-7009

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Aug 6, 2024
Updated: Aug 19, 2024
CWE ID 89

Summary

CVE-2024-7009 is a vulnerability affecting Calibre versions up to 7.15.0. It allows users with search permissions to execute SQL injection attacks on the SQLite database through unsanitized user-input during full-text searches. An attacker can exploit this flaw to gain unauthorized access to sensitive information or make unintended modifications to the database. This vulnerability poses a significant risk to organizations or individuals using Calibre and highlights the importance of applying software updates promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share