Calibre Web 0.6.24 & Autocaliweb 0.7.0 – Blind C

CVE Details

Basic Information

Title Calibre Web 0.6.24 & Autocaliweb 0.7.0 – Blind C
Type cve
Published 2025-07-24T20:45:04.168Z
Modified 2025-07-24T20:45:04.168Z

Product Information

Vendor Calibre Web
Product Calibre Web
Version 0.6.24

CVSS Information

Base Score 5.9 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products

  • Calibre Web Calibre Web 0.6.24
  • Autocaliweb Autocaliweb 0.7.0

Additional Information

CWE List CWE-78
Source Fluid Attacks

Description

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Calibre Web and Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.
