CVE-2024-32880

Published: Apr 26, 2024Modified: Sep 4, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication.

Affected (1)

Products: Pyload: Pyload

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pyload Pyload	Up to 0.5.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/pyload/pyload/security/advisories/GHSA-3f7w-p8vr-4v5f

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/pyload/pyload/security/advisories/GHSA-3f7w-p8vr-4v5f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.