Description

DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8.

INFO

Published Date :

2025-07-26T03:27:05.690Z

Last Modified :

2025-07-28T15:58:17.489Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-50184 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-50184.

URL Resource
https://github.com/dbgate/dbgate/commit/18b11df672b5a887bc17a6b9fdd13f9742c8f98e cve-icon cve-icon
https://github.com/dbgate/dbgate/security/advisories/GHSA-2fp9-29gv-p5gm cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability