CVE-2025-50184 Information
Jul 27, 2025
cve
Description
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter an attacker can read files outside the upload directory potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8.
Reference
https://github.com/dbgate/dbgate/commit/18b11df672b5a887bc17a6b9fdd13f9742c8f98e https://github.com/dbgate/dbgate/security/advisories/GHSA-2fp9-29gv-p5gm
Related CNNVD
CNNVD-202507-3359 (Published: 2025-07-26)
Share on: