Vulnerability Description
pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.
Related Weaknesses (CWE)
References
- https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_data
- https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f
- https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf
FAQ
What is CVE-2025-55156?
CVE-2025-55156 is a documented vulnerability. pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers c...
How severe is CVE-2025-55156?
CVSS scoring is not yet available for CVE-2025-55156. Check NVD for updates.
Is there a patch for CVE-2025-55156?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.