CNNVD-202507-3121 Information

CNNVD ID

CNNVD-202507-3121

CVE-2025-7404

  • CNNVD Published: 2025-07-24

Description (Chinese)

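Calibre-Web is a web application, developed by individual developer Jan B, for browsing, reading and downloading e-books from a Calibre database. Calibre-Web version 0.6.24 contains an operating system command injection vulnerability. The vulnerability stems from improper neutralization of special elements and may lead to blind OS command injection attacks.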

Description (English)

Calibre-Web is a web application by individual developer Jan B for browsing, reading and downloading e-books from a Calibre database. Calibre-Web version 0.6.24 contains an operating system command injection vulnerability, which stems from improper neutralization of special elements and may lead to blind OS command injection attacks.

Hazard Level

High

Vulnerability Type

Operating system command injection

Affected Vendor

Individual developer

Published

2025-07-24

Last Modified

2026-02-24

References

  • https://fluidattacks.com/advisories/kino
  • https://github.com/gelbphoenix/autocaliweb
  • https://github.com/janeczku/calibre-web
