CNNVD-202508-973 Information
CNNVD ID
CNNVD-202508-973
Related CVE
- CNNVD Published: 2025-08-11
Description (Chinese)
pyLoad是pyLoad开源的一个用 Python 编写的免费开源下载管理器。 pyLoad 0.5.0b3.dev91之前版本存在SQL注入漏洞,该漏洞源于API参数add_links未充分过滤,可能导致SQL注入攻击。
Description (English)
PyLoad is a free open source download manager by Python. Pre-version version of pyLoad 0.5.0b3.dev91 has an injection loophole in SQL, which results from inadequate filtering of API parameter add links, which may lead to an SQL injection attack.
Hazard Level
Low
Vulnerability Type
SQL注入
Affected Vendor
pyLoad
Published
2025-08-11
Last Modified
2026-02-24
References
https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271 https://access.redhat.com/security/cve/cve-2025-55156
Patch
https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f
Share on: