QwikSec

Security Database

CVE

CWE

Training

CVE-2025-55156

Published: Aug 11, 2025

Modified: Aug 12, 2025

PUBLISHED

Description

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.

Vendor	Product	Versions
pyload	pyload	affected `< 0.5.0b3.dev91`

Weaknesses (CWE)

References

https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf

x_refsource_CONFIRM

https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f

x_refsource_MISC

https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.