2 matches found
CVE-2025-54140
Summary: pyLoad (v0.5.0b3.dev89 affected) exposes an authenticated path traversal via the /json/upload endpoint where the uploaded file’s name is not sanitized, enabling arbitrary file writes outside the intended directory. This can lead to Remote Code Execution, local privilege escalation, and s...
PT-2025-30362 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev90 Description: pyLoad contains an authenticated path traversal vulnerability in the /json/upload endpoint. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended...