CVE-2024-7009 MEDIUM

CVE-2024-7009: Calibre SQL Injection

Vendor Calibre

Product Calibre

Weakness CWE-89 · SQLi

Published August 6, 2024

Last update August 6, 2024

View on NVD All CVEs

CVSS base score

4.2/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.

Key dates

02Disclosure timeline

August 6, 2024 CVE published

August 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-7009

Related vulnerabilities

04Related CVE

CVE-2025-7595 code-projects Job Diary view-cad.php sql injection CVE-2025-7605 code-projects AVL Rooms profile.php sql injection CVE-2025-53549 Matrix Rust SDK allows SQL injection in the EventCache implementation CVE-2025-0294 SourceCodester Home Clean Services Management System process.php sql injection CVE-2025-0488 Fanli2012 native-php-cms product_list.php sql injection