Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Access Control in janeczku/calibre-web
Vulnerability Description
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Calibre-Web 访问控制错误漏洞
Vulnerability Description
Calibre-Web是Jan B个人开发者的一款用于浏览、阅读和下载Calibre数据库中电子书的Web应用程序。 Calibre-Web存在访问控制错误漏洞,该漏洞源于shelf.py中的create_shelf方法未验证用户是否具有创建公共书架所需的权限。
CVSS Information
N/A
Vulnerability Type
N/A