CVE-2025-55156

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-55156

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-55156.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-55156

Aliases

GHSA-pwh4-6r3m-j2rf

Published

2025-08-11T23:15:26Z

Modified

2025-08-12T15:49:58.606566Z

Summary

[none]

Details

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.

References

Affected packages

Git / github.com/pyload/pyload

Affected ranges

Type: GIT
Repo: https://github.com/pyload/pyload
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

134edcdf6e2a10c393743c254da3d9d90b74258f

Affected versions

v0.*

v0.1

v0.1.1

v0.2

v0.2.1

v0.2.2

v0.3

v0.3.1

v0.3.2

v0.4

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9