Description

pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. Version 0.5.0b3.dev87 fixes this issue.

INFO

Published Date :

2024-10-25T22:48:57.950Z

Last Modified :

2024-10-28T19:41:54.018Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47821 vulnerability.

Vendors Products
Pyload
  • Pyload
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47821.

URL Resource
https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53g cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact