CVE-2025-55156

N/A Unknown
Published: August 11, 2025 Modified: April 15, 2026
View on NVD

Description

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271
Source: security-advisories@github.com
https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f
Source: security-advisories@github.com
https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf
Source: security-advisories@github.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.0%
15th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-89

Related CVEs

CVE-2026-7696 6.3
CVE-2026-7695 7.3
CVE-2026-7694 7.3
CVE-2026-7692 6.3
CVE-2026-7691 6.3