CVE-2025-55156 Information

Description

pyLoad is the free and open-source download manager written in pure Python. Prior to version 0.5.0b3.dev91, the add_links parameter of the /json/add_package API endpoint is vulnerable to SQL injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.

Reference

https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271
https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f
https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf

CNNVD-202508-973 (Published: 2025-08-11)
