77 matches found
CVE-2025-50184
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview dbgate-api is an Allows run DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via insufficient validation of file paths and types in the reader function. An attacker can access arbitrary files on the...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview dbgate-api is an Allows run DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the file parameter in the /uploads/get endpoint. An attacker can access arbitrary files on the system by supplying a...
CVE-2025-50185
DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
CVE-2025-50184
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be...
CVE-2025-50185
CVE-2025-50185 (DbGate) affects DbGate ≤ 6.6.0. Affected component: the dbgate-plugin-csv reader function, which does not validate file paths/types before reading files. This enables unauthorized access to arbitrary system files (e.g., /etc/shadow) by a user with application-level access, via the...
CVE-2025-50185 DbGate allows Unauthorized File Access via CSV Plugin
DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
CVE-2025-50185 DbGate allows Unauthorized File Access via CSV Plugin
DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
CVE-2025-50185 DbGate allows Unauthorized File Access via CSV Plugin
DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
CVE-2025-50184 DbGate allows for File Traversal via file parameter
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be...
CVE-2025-50184 DbGate allows for File Traversal via file parameter
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be...
CVE-2025-50184
DbGate (cross‑platform database manager) contains a directory traversal vulnerability in the uploads/file handling. In versions 6.4.3-premium-beta.5 and earlier, the file parameter is not restricted to the uploads directory, allowing an attacker to craft a path to read arbitrary files outside tha...
CVE-2025-50184 DbGate allows for File Traversal via file parameter
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be...
PT-2025-30949 · Dbgate · Dbgate +1
Name of the Vulnerable Software and Affected Versions: DbGate versions 6.6.0 and below Description: DbGate, a cross-platform database manager, allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from...
PT-2025-30948 · Dbgate · Dbgate
Name of the Vulnerable Software and Affected Versions: DbGate versions 6.4.3-premium-beta.5 and below Description: DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. This allows manipulation of the endpoint that lis...
DbGate 安全漏洞
DbGate is a database manager from the DbGate open source. A security vulnerability exists in DbGate 6.6.0 and earlier versions, which stems from insufficient file path validation and could lead to unauthorized file access...
DbGate 安全漏洞
DbGate is a database manager in the DbGate open source. A security vulnerability exists in DbGate 6.4.3-premium-beta.5 and earlier versions, which stems from insufficient validation of file parameters and can lead to directory traversal...