PyLoad Vulnerable to Path Traversal via Package Folder Name

Insufficient sanitization of package folder names allows writing files outside the intended download directory. Affected Component - src/pyload/core/api/init.py - Function: addpackage Description Package folder names are sanitized using insufficient string replacement: python folder =...

PT-2026-28586

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev97 Description pyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network...

EUVD-2025-29437

Malicious code in bioql PyPI...

SQL Injection

pyloadng is vulnerable to SQL Injection. The vulnerability is due to improper handling of the addlinks parameter in the /json/addpackage API, which allows an attacker to modify or delete database data leading to errors or loss...

Log Injection

pyload-ng is vulnerable to Log Injection. The vulnerability is due to improper input sanitization due to failure to filter user-supplied data in the /json/addpackage API, allowing attackers with package addition permissions to inject arbitrary messages into application logs...

GHSA-PWH4-6R3M-J2RF PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

Summary The parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details - Affected file：https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271 - Affected code: python...

PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

Summary The parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details - Affected file：https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271 - Affected code: python...

SQL Injection

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to SQL Injection via the addlinks parameter in the /json/addpackage API endpoint. An attacker can modify or delete data in the database by injecting malicious...

CVE-2025-55156

PyLoad (the Python-based download manager) contains a SQL Injection in the add_links parameter of the /json/add_package API. The issue allows attackers to modify or delete data in the database, causing data errors or loss. A patch was released in version 0.5.0b3.dev91; upgrading to this version (...

CVE-2025-55156 PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

CVE-2025-55156 PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

PT-2025-32592 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev91 Description: pyLoad, a free and open-source Download Manager written in pure Python, contains a SQL Injection issue in the add links parameter of the /json/add package API endpoint. This allows attackers...

Arbitrary Code Injection

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Arbitrary Code Injection via improper handling of the addname parameter in the /json/addpackage API endpoint. An attacker can inject arbitrary log entries b...

PT-2025-32447 · Pypi · Pyload-Ng

Summary A log injection vulnerability was identified in pyload in API /json/add package. This vulnerability allows user with add packages permission to inject arbitrary messages into the logs gathered by pyload. Details pyload will generate a log entry when creating new package using API /json/ad...

ScriptAndTools Online-Travling-System 安全漏洞

ScriptAndTools Online-Travling-System is an online traveling system from ScriptAndTools, Inc. A security vulnerability exists in ScriptAndTools Online-Travling-System version 1.0, which stems from improper access control in the /admin/addpackage.php file, which could lead to bypassing access...

PT-2019-18679 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through 0.9.8.763 Description: The issue concerns a Stored/Persistent XSS vulnerability. It affects the add package module, specifically the Package Name field. This allows for potential exploitation via the module...

CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting

CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting Exploit Title: CentOS Web Panel 0.9.8.763 - Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 10 - January - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com...

iDev Rentals 1.0 - Multiple Vulnerabilities

iDev Rentals 1.0 - Multiple Vulnerabilities Title: ====== iDev Rentals v1.0 - Multiple Web Vulnerabilities Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 758 Common Vulnerability Scoring System: ==================================...

iDev Rentals 1.0 Cross Site Scripting

Title: ====== iDev Rentals v1.0 - Multiple Web Vulnerabilities Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 758 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...