Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
{ "ubuntu_priority": "medium", "binaries": [ { "binary_name": "calibre", "binary_version": "7.16.0+ds-1" }, { "binary_name": "calibre-bin", "binary_version": "7.16.0+ds-1" }, { "binary_name": "calibre-bin-dbgsym", "binary_version": "7.16.0+ds-1" } ], "availability": "No subscription required" }