CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47821 – pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
https://notcve.org/view.php?id=CVE-2024-47821
pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions on the 0.5 branch prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. • https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53g • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32880 – pyLoad allows upload to arbitrary folder lead to RCE
https://notcve.org/view.php?id=CVE-2024-32880
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication. pyload es un administrador de descargas de código abierto escrito en Python puro. Un usuario autenticado puede cambiar la carpeta de descarga y cargar una plantilla manipulada en la carpeta especificada, lo que lleva a la ejecución remota del código. No hay ninguna solución disponible en el momento de la publicación. • https://github.com/pyload/pyload/security/advisories/GHSA-3f7w-p8vr-4v5f • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24808 – pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
https://notcve.org/view.php?id=CVE-2024-24808
pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451. pyLoad es un administrador de descargas de código abierto escrito en Python puro. Existe una vulnerabilidad de redireccionamiento abierto debido a la validación incorrecta de los valores de entrada al redirigir a los usuarios después de iniciar sesión. pyLoad valida las URL a través de la función `get_redirect_url` cuando redirige a los usuarios al iniciar sesión. Esta vulnerabilidad se ha solucionado con el commit fe94451. • https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22416 – Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
https://notcve.org/view.php?id=CVE-2024-22416
pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. • https://github.com/mindstorm38/ensimag-secu3a-cve-2024-22416 https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 36%CPEs: 3EXPL: 2CVE-2024-21644 – pyLoad unauthenticated flask configuration leakage
https://notcve.org/view.php?id=CVE-2024-21644
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77. pyLoad es el administrador de descargas gratuito y de código abierto escrito en Python puro. Cualquier usuario no autenticado puede navegar a una URL específica para exponer la configuración de Flask, incluida la variable `SECRET_KEY`. Este problema se solucionó en la versión 0.5.0b3.dev77. • https://github.com/ltranquility/CVE-2024-21644-Poc https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40 https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv • CWE-284: Improper Access Control •