We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8.
Reserved 2025-06-13 | Published 2025-07-26 | Updated 2025-07-26 | Assigner GitHub_MCWE-29: Path Traversal: '..filename'
github.com/...dbgate/security/advisories/GHSA-2fp9-29gv-p5gm
github.com/...ommit/18b11df672b5a887bc17a6b9fdd13f9742c8f98e
Support options