SQL Injection

pyloadng is vulnerable to SQL Injection. The vulnerability is due to improper handling of the addlinks parameter in the /json/addpackage API, which allows an attacker to modify or delete database data leading to errors or loss...

SQL Injection

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to SQL Injection via the addlinks parameter in the /json/addpackage API endpoint. An attacker can modify or delete data in the database by injecting malicious...

CVE-2025-55156 PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

PT-2025-32592 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev91 Description: pyLoad, a free and open-source Download Manager written in pure Python, contains a SQL Injection issue in the add links parameter of the /json/add package API endpoint. This allows attackers...