Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Calibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF)
Vulnerability Description
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Calibre 跨站请求伪造漏洞
Vulnerability Description
Calibre是印度科维德·戈亚尔(Kovid Goyal)个人开发者的一个开源免费的全能电子书阅读管理与格式转换工具。 Calibre web 0.6.0 版本到 0.6.13版本存在跨站请求伪造漏洞,该漏洞源于软件缺少针对跨站请求伪造的检查校验。通过诱使经过身份验证的用户单击链接,攻击者可以创建一个具有管理员特权和攻击者控制的凭证的新用户角色,允许他们接管应用程序。
CVSS Information
N/A
Vulnerability Type
N/A