pyLoad Log Injection

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

输出中的特殊元素转义处理不恰当(注入)

pyLoad 注入漏洞

pyload是一个用 Python 编写的免费开源下载管理器，设计为极其轻量级、易于扩展且可通过 Web 完全管理。 pyLoad 0.5.0b3.dev76之前版本存在注入漏洞，该漏洞源于存在日志注入漏洞。

N/A

N/A