CVE-2025-55156 | pyload up to 0.5.0b3.dev90 API /json/add_package add_links sql injection (GHSA-pwh4-6r3m-j2rf)

A vulnerability classified as critical has been found in pyload up to 0.5.0b3.dev90. Affected is an unknown function of the file /json/add_package of the component API. The manipulation of the argument add_links leads to sql injection.

This vulnerability is traded as CVE-2025-55156. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More