We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-50184

DbGate allows for File Traversal via file parameter



Description

DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8.

Reserved 2025-06-13 | Published 2025-07-26 | Updated 2025-07-26 | Assigner GitHub_M


HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-29: Path Traversal: '..filename'

Product status

< 6.4.3-beta.8
affected

References

github.com/...dbgate/security/advisories/GHSA-2fp9-29gv-p5gm

github.com/...ommit/18b11df672b5a887bc17a6b9fdd13f9742c8f98e

cve.org (CVE-2025-50184)

nvd.nist.gov (CVE-2025-50184)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-50184

Support options

Helpdesk Chat, Email, Knowledgebase