Search for vulnerabilities
Vulnerability details: VCID-4atp-nc7m-aaan
Vulnerability ID VCID-4atp-nc7m-aaan
Aliases CVE-2024-7009
Summary Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
Status Published
Exploitability 0.5
Weighted Severity 6.4
Risk 3.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
System Score Found at
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-7009
cvssv3 7.1 https://nvd.nist.gov/vuln/detail/CVE-2024-7009
cvssv3.1 7.1 https://nvd.nist.gov/vuln/detail/CVE-2024-7009
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-7009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7009
https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7
https://starlabs.sg/advisories/24/24-7009/
cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
CVE-2024-7009 https://nvd.nist.gov/vuln/detail/CVE-2024-7009
GLSA-202409-04 https://security.gentoo.org/glsa/202409-04
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-7009
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-7009
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.19176
EPSS Score 0.00049
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-08-06T10:58:09.110460+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-7009 34.0.0rc4