Skip to main content

Pyload CVE-2023-47890

HIGH
Path Traversal (CWE-22)
2024-01-08 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 19:34 vuln.today
PoC Detected
Jun 03, 2025 - 15:15 vuln.today
Public exploit code
CVE Published
Jan 08, 2024 - 20:15 nvd
HIGH 8.8

DescriptionNVD

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.

AnalysisAI

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Affected products include: Pyload.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

More in Pyload

View all
CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2023-0297 CRITICAL POC
9.8 Jan 14

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. Rated critical severity (CVSS 9.8), this vulne

CVE-2023-0435 CRITICAL POC
9.8 Jan 22

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. Rated critical severity (CVSS 9.8),

CVE-2023-0434 HIGH POC
7.5 Jan 22

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40. Rated high severity (CVSS 7.5), thi

CVE-2023-0509 HIGH POC
7.4 Jan 26

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44. Rated high severity (CVSS 7.4

CVE-2024-32880 HIGH POC
7.2 Apr 26

pyload is an open-source Download Manager written in pure Python. Rated high severity (CVSS 7.2), this vulnerability is

CVE-2023-0227 MEDIUM POC
6.5 Jan 12

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. Rated medium severity (CVSS 6

CVE-2024-1240 MEDIUM POC
6.1 Nov 15

An open redirection vulnerability exists in pyload/pyload version 0.5.0. Rated medium severity (CVSS 6.1), this vulnerab

CVE-2024-24808 MEDIUM POC
6.1 Feb 06

pyLoad is an open-source Download Manager written in pure Python. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2023-0488 MEDIUM POC
5.4 Jan 26

Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. Rated medium severity (CV

CVE-2023-0055 MEDIUM POC
5.3 Jan 04

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.

Share

CVE-2023-47890 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy