4 matches found
Log Injection
pyload-ng is vulnerable to Log Injection. The vulnerability is due to improper input sanitization due to failure to filter user-supplied data in the /json/addpackage API, allowing attackers with package addition permissions to inject arbitrary messages into application logs...
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
Summary The parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details - Affected file:https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271 - Affected code: python...
GHSA-PWH4-6R3M-J2RF PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
Summary The parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details - Affected file:https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271 - Affected code: python...
Arbitrary Code Injection
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Arbitrary Code Injection via improper handling of the addname parameter in the /json/addpackage API endpoint. An attacker can inject arbitrary log entries b...