2 matches found
GHSA-8V3Q-9VMX-36VC DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
Summary DbGate's JSON script runner POST /runners/start allows remote code execution via code injection in the functionName parameter of JSON script assign commands. The functionName value is interpolated directly into dynamically generated JavaScript source code via string concatenation. The...
Exploit for CVE-2026-47668
CVE-2026-47668 DbGate Unauthenticated Remote Code Execution...