mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-11 20:52:49 +02:00
0xMarcio
927 B
927 B
CVE-2021-25965
&color=brighgreen)
Description
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
POC
Reference
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25965
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25965
Github
No PoCs found on GitHub currently.