CVE-2025-50184
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-07-26 04:16:03
Güncelleme
2025-07-29 14:14:55
Source Identifier
security-advisories@github.com
KEV Date Added
-