Calibre-Web is vulnerable to an authorization bypass. The vulnerability is in the create_edit_shelf function in cps/shelf.py: the server does not properly validate the requesting user's permissions before applying the submitted shelf data, which allows an attacker to create and modify public and private shelves they are not authorized to manage.
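The missing check, reduced to a minimal model. This is an added example, not Calibre-Web's own code: the data model, the role name `can_edit_public_shelves` and the two handlers are assumptions. The vulnerable handler applies the submitted form to whatever shelf id the request names; the hardened one refuses unless the requester owns the private shelf, or holds the edit-public-shelves role when the shelf is, or is being made, public.

```python
# Added illustration of the authorization check an endpoint like
# create_edit_shelf needs. Not Calibre-Web's code; names are hypothetical.
from dataclasses import dataclass, field
from typing import Dict, Optional


class Forbidden(Exception):
    """Raised when the requesting user may not perform the operation."""


@dataclass
class User:
    id: int
    can_edit_public_shelves: bool = False  # hypothetical stand-in for an 'edit shelves' role


@dataclass
class Shelf:
    id: int
    name: str
    owner_id: int
    is_public: bool = False


@dataclass
class ShelfStore:
    """Constructed in-memory stand-in for the shelf table."""
    shelves: Dict[int, Shelf] = field(default_factory=dict)
    next_id: int = 1

    def add(self, name: str, owner_id: int, is_public: bool) -> Shelf:
        shelf = Shelf(self.next_id, name, owner_id, is_public)
        self.shelves[shelf.id] = shelf
        self.next_id += 1
        return shelf


def may_edit_shelf(user: User, shelf: Shelf) -> bool:
    """Ownership-or-role check applied before any write to an existing shelf."""
    if shelf.is_public:
        return user.can_edit_public_shelves
    return shelf.owner_id == user.id


def create_edit_shelf_vulnerable(store: ShelfStore, user: User, form: dict,
                                 shelf_id: Optional[int] = None) -> Shelf:
    """Vulnerable pattern: the only check is that the shelf exists."""
    if shelf_id is None:
        return store.add(form["name"], user.id, bool(form.get("is_public", False)))
    shelf = store.shelves[shelf_id]          # no ownership or role check here
    shelf.name = form["name"]
    shelf.is_public = bool(form.get("is_public", False))
    return shelf


def create_edit_shelf_fixed(store: ShelfStore, user: User, form: dict,
                            shelf_id: Optional[int] = None) -> Shelf:
    """Hardened pattern: authorize the requesting user before touching state."""
    wants_public = bool(form.get("is_public", False))
    if wants_public and not user.can_edit_public_shelves:
        raise Forbidden("creating or making a shelf public requires the edit-shelves role")
    if shelf_id is None:
        return store.add(form["name"], user.id, wants_public)
    shelf = store.shelves.get(shelf_id)
    if shelf is None:
        raise KeyError(shelf_id)
    if not may_edit_shelf(user, shelf):
        raise Forbidden(f"user {user.id} may not edit shelf {shelf_id}")
    shelf.name = form["name"]
    shelf.is_public = wants_public
    return shelf


def demo() -> dict:
    """Constructed scenario: low-privilege user 2 targets user 1's shelves."""
    store = ShelfStore()
    alice = User(1, can_edit_public_shelves=True)
    mallory = User(2)
    private = store.add("alice private", alice.id, False)
    public = store.add("staff picks", alice.id, True)

    # Vulnerable handler: both writes succeed.
    create_edit_shelf_vulnerable(store, mallory, {"name": "hijacked"}, private.id)
    create_edit_shelf_vulnerable(store, mallory, {"name": "defaced", "is_public": True}, public.id)
    results = {"vuln_private": store.shelves[private.id].name,
               "vuln_public": store.shelves[public.id].name}

    # Fixed handler: both are rejected; mallory may still create her own private shelf.
    for sid in (private.id, public.id):
        try:
            create_edit_shelf_fixed(store, mallory, {"name": "again"}, sid)
            results[f"fixed_{sid}"] = "allowed"
        except Forbidden:
            results[f"fixed_{sid}"] = "forbidden"
    own = create_edit_shelf_fixed(store, mallory, {"name": "mine"})
    results["fixed_own"] = (own.owner_id, own.is_public)
    return results
```

The point of the hardened handler is ordering: the permission decision is made from the shelf record and the session user, not from anything in the submitted form, and it happens before any field is written. A user without the role therefore cannot flip a private shelf to public, and cannot touch a shelf they do not own even though the id is trivially guessable.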
github.com/janeczku/calibre-web/blob/master/cps/shelf.py#L362
github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf
github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706
huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db