CVE-2025-55156

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
GitHub_MCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Common Weakness Enumeration
References
https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271
https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f
https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf