CVE-2025-50184

Name of the Vulnerable Software and Affected Versions DbGate versions 6.4.3-premium-beta.5 and below

Description DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. This allows manipulation of the endpoint that lists files within the upload directory to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data.

Recommendations Update to DbGate version 6.4.3-beta.8 or later.