{"id":"CVE-2025-50184","summary":"DbGate allows for File Traversal via file parameter","details":"DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8.","aliases":["GHSA-2fp9-29gv-p5gm"],"modified":"2026-04-10T05:29:54.211301Z","published":"2025-07-26T03:27:05.690Z","database_specific":{"cwe_ids":["CWE-29"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/50xxx/CVE-2025-50184.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/50xxx/CVE-2025-50184.json"},{"type":"ADVISORY","url":"https://github.com/dbgate/dbgate/security/advisories/GHSA-2fp9-29gv-p5gm"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-50184"},{"type":"FIX","url":"https://github.com/dbgate/dbgate/commit/18b11df672b5a887bc17a6b9fdd13f9742c8f98e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dbgate/dbgate","events":[{"introduced":"0"},{"fixed":"131d16d3ea9a7e8e620afc65cc5468db6b618da1"}]}],"versions":["list","packages-api-v1.0.6","packages-api-v1.0.7","packages-sqlitree-v1.0.4","packages-tools-v1.0.5","packages-tools-v1.0.6","packages-tools-v1.0.7","packages-tools-v4.0.0-rc-2","packages-tools-v4.0.0-rc.1","packages-tools-v4.1.0-rc.1","packages-types-v1.0.2","v0.0.1","v0.0.2","v0.5.0","v0.5.1","v0.5.3","v0.5.4","v0.5.5","v3.7.0","v3.7.1","v3.7.10","v3.7.11","v3.7.12","v3.7.13","v3.7.14","v3.7.15","v3.7.16","v3.7.17","v3.7.18","v3.7.19","v3.7.2","v3.7.20","v3.7.21","v3.7.22","v3.7.23","v3.7.24","v3.7.25","v3.7.26","v3.7.27","v3.7.28","v3.7.29","v3.7.3","v3.7.30","v3.7.31","v3.7.32","v3.7.33","v3.7.4","v3.7.5","v3.7.6","v3.7.7","v3.7.8","v3.7.9","v3.8.1","v3.8.10","v3.8.11","v3.8.12","v3.8.13","v3.8.14","v3.8.15","v3.8.16","v3.8.17","v3.8.18","v3.8.19","v3.8.2","v3.8.20","v3.8.21","v3.8.22","v3.8.23","v3.8.24","v3.8.25","v3.8.26","v3.8.27","v3.8.28","v3.8.29","v3.8.3","v3.8.30","v3.8.31","v3.8.32","v3.8.33","v3.8.34","v3.8.35","v3.8.36","v3.8.37","v3.8.38","v3.8.39","v3.8.4","v3.8.40","v3.8.5","v3.8.6","v3.8.7","v3.8.8","v3.8.9","v3.9.0-beta.1","v3.9.0-beta.2","v3.9.0-beta.3","v3.9.1","v3.9.1-beta.1","v3.9.1-beta.2","v3.9.2","v3.9.2-beta.1","v3.9.3","v3.9.3-beta.1","v3.9.4","v3.9.5","v3.9.5-beta.1","v3.9.5-beta.2","v3.9.6","v3.9.6-alpha.1","v3.9.6-alpha.10","v3.9.6-alpha.11","v3.9.6-alpha.12","v3.9.6-alpha.13","v3.9.6-alpha.14","v3.9.6-alpha.2","v3.9.6-alpha.3","v3.9.6-alpha.4","v3.9.6-alpha.5","v3.9.6-alpha.6","v3.9.6-alpha.7","v3.9.6-alpha.9","v3.9.6-beta.1","v3.9.6-beta.2","v3.9.6-beta.3","v3.9.6-beta.4","v3.9.6-beta.5","v3.9.6-beta.6","v3.9.6-beta.7","v4.0.0","v4.0.0-beta.1","v4.0.0-beta.2","v4.0.0-beta.3","v4.0.0-beta.4","v4.0.0-beta.5","v4.0.1","v4.0.2","v4.0.3-beta.1","v4.1.0","v4.1.0-beta.1","v4.1.0-beta.2","v4.1.1","v4.1.1-beta.1","v4.1.1-beta.2","v4.1.1-beta.3","v4.1.10-beta.1","v4.1.10-beta.2","v4.1.10-beta.3","v4.1.10-beta.4","v4.1.10-beta.5","v4.1.2","v4.1.3","v4.1.4","v4.1.4-beta.1","v4.1.5","v4.1.5-beta.1","v4.1.5-beta.2","v4.1.6","v4.1.7","v4.1.8","v4.1.8-beta.1","v4.1.9","v4.1.9-beta.1","v4.2.0","v4.2.0-beta.1","v4.2.0-beta.10","v4.2.0-beta.2","v4.2.0-beta.3","v4.2.0-beta.5","v4.2.0-beta.6","v4.2.0-beta.7","v4.2.0-beta.8","v4.2.0-beta.9","v4.2.1-beta.1","v4.2.3","v4.2.3-beta.1","v4.2.3-beta.10","v4.2.3-beta.11","v4.2.3-beta.2","v4.2.3-beta.3","v4.2.3-beta.7","v4.2.3-beta.8","v4.2.3-beta.9","v4.2.4","v4.2.4-beta.1","v4.2.4-beta.3","v4.2.4-beta.4","v4.2.5-beta.1","v4.2.5-beta.2","v4.3.0-beta.1","v4.3.0-beta.2","v4.3.0-beta.3","v4.3.0-beta.4","v4.3.0-beta.5","v4.3.0-beta.6","v4.3.0-beta.7","v4.3.0-beta.8","v4.4.0","v4.4.0-alpha.1","v4.4.0-alpha.2","v4.4.0-beta.1","v4.4.0-beta.2","v4.4.0-beta.3","v4.4.0-beta.4","v4.4.1","v4.4.1-beta.1","v4.4.1-beta.2","v4.4.1-beta.3","v4.4.1-beta.4","v4.4.2","v4.4.2-beta.1","v4.4.2-beta.2","v4.4.2-beta.3","v4.4.2-beta.4","v4.4.3","v4.4.3-beta.1","v4.4.3-beta.2","v4.4.3-beta.3","v4.4.3-beta.4","v4.4.4","v4.4.4-beta.1","v4.4.4-beta.2","v4.4.4-beta.3","v4.4.4-beta.4","v4.4.5-beta.1","v4.4.5-beta.2","v4.5.0","v4.5.0-beta.1","v4.5.0-beta.2","v4.5.0-beta.3","v4.5.0-beta.4","v4.5.1","v4.5.1-beta.1","v4.5.1-beta.2","v4.5.1-beta.3","v4.6.0","v4.6.1","v4.6.1-beta.1","v4.6.1-beta.2","v4.6.1-beta.3","v4.6.2","v4.6.2-beta.1","v4.6.2-beta.2","v4.6.2-beta.4","v4.6.3","v4.6.3-beta.1","v4.6.3-beta.2","v4.6.4-beta.1","v4.6.4-beta.2","v4.6.4-beta.3","v4.6.4-docker.4","v4.6.4-docker.5","v4.7.0","v4.7.0-beta.1","v4.7.0-beta.2","v4.7.0-beta.3","v4.7.0-beta.4","v4.7.1","v4.7.1-beta.6","v4.7.1-beta.8","v4.7.1-docker.1","v4.7.1-docker.2","v4.7.1-docker.7","v4.7.2","v4.7.2-beta.2","v4.7.2-beta.3","v4.7.2-docker.1","v4.7.3","v4.7.3-alpha.2","v4.7.3-alpha.3","v4.7.3-alpha.5","v4.7.3-beta.1","v4.7.3-beta.4","v4.7.3-beta.6","v4.7.3-beta.7","v4.7.3-beta.8","v4.7.4","v4.7.4-alpha.1","v4.7.4-alpha.10","v4.7.4-alpha.12","v4.7.4-alpha.14","v4.7.4-alpha.15","v4.7.4-alpha.16","v4.7.4-alpha.2","v4.7.4-alpha.3","v4.7.4-alpha.7","v4.7.4-alpha.8","v4.7.4-beta.11","v4.7.4-beta.13","v4.7.4-beta.17","v4.7.4-beta.4","v4.7.4-beta.5","v4.7.4-beta.6","v4.7.4-beta.9","v4.7.5-beta.1","v4.8.0","v4.8.0-beta.1","v4.8.1","v4.8.1-beta.1","v4.8.2","v4.8.2-beta.1","v4.8.2-beta.2","v4.8.3","v4.8.3-beta.1","v4.8.3-beta.2","v4.8.3-beta.3","v4.8.4","v4.8.4-beta.1","v4.8.4-beta.7","v4.8.4-beta.8","v4.8.5","v4.8.6","v4.8.7","v4.8.7-beta.1","v4.8.7-beta.2","v4.8.8","v4.8.8-beta.1","v4.8.8-beta.2","v4.8.8-beta.3","v4.8.8-beta.4","v4.8.8-beta.5","v4.8.8-beta.6","v4.8.9-beta.1","v5.0.1","v5.0.1-beta.1","v5.0.2-beta.1","v5.0.2-beta.2","v5.0.3","v5.0.3-beta.1","v5.0.3-beta.2","v5.0.3-beta.3","v5.0.3-beta.4","v5.0.3-beta.5","v5.0.4-alpha.2","v5.0.4-alpha.7","v5.0.4-alpha.8","v5.0.4-beta.3","v5.0.4-beta.4","v5.0.4-beta.5","v5.0.4-beta.6","v5.0.4-beta.9","v5.0.5","v5.0.6","v5.0.6-alpha.2","v5.0.6-beta.1","v5.0.6-beta.3","v5.0.6-beta.5","v5.0.6-beta.6","v5.0.7","v5.0.7-beta.1","v5.0.7-beta.2","v5.0.7-beta.3","v5.0.7-beta.4","v5.0.7-beta.5","v5.0.8","v5.0.8-beta.1","v5.0.8-beta.2","v5.0.8-beta.3","v5.0.8-beta.4","v5.0.9","v5.0.9-beta.1","v5.1.0","v5.1.0-beta.4","v5.1.1","v5.1.1-beta.1","v5.1.1-beta.2","v5.1.1-beta.3","v5.1.1-beta.4","v5.1.1-beta.5","v5.1.2","v5.1.2-beta.1","v5.1.2-beta.2","v5.1.2-beta.3","v5.1.2-beta.4","v5.1.2-beta.5","v5.1.3","v5.1.3-beta.1","v5.1.3-beta.2","v5.1.4","v5.1.4-beta.10","v5.1.4-beta.11","v5.1.4-docker.1","v5.1.4-docker.2","v5.1.4-docker.3","v5.1.4-docker.4","v5.1.4-docker.5","v5.1.4-docker.6","v5.1.4-docker.7","v5.1.4-docker.8","v5.1.4-docker.9","v5.1.5","v5.1.6","v5.1.6-beta.1","v5.1.6-beta.2","v5.1.6-beta.3","v5.1.6-beta.4","v5.1.6-beta.5","v5.1.6-beta.6","v5.1.6-beta.7","v5.1.7-alpha.13","v5.1.7-alpha.14","v5.1.7-beta.10","v5.1.7-beta.11","v5.1.7-beta.12","v5.1.7-beta.2","v5.1.7-beta.3","v5.1.7-beta.4","v5.1.7-beta.5","v5.1.7-beta.6","v5.1.7-beta.7","v5.1.7-beta.8","v5.1.7-beta.9","v5.2.0","v5.2.1","v5.2.1-beta.1","v5.2.1-beta.2","v5.2.1-beta.3","v5.2.10-beta.1","v5.2.10-beta.4","v5.2.2","v5.2.2-alpha.11","v5.2.2-alpha.12","v5.2.2-alpha.13","v5.2.2-beta.2","v5.2.2-beta.3","v5.2.2-beta.4","v5.2.2-beta.5","v5.2.2-beta.7","v5.2.2-beta.8","v5.2.2-beta.9","v5.2.3","v5.2.3-beta.1","v5.2.3-beta.2","v5.2.3-beta.3","v5.2.3-beta.4","v5.2.3-beta.5","v5.2.3-beta.6","v5.2.3-beta.9","v5.2.4","v5.2.4-alpha.1","v5.2.5","v5.2.5-beta.16","v5.2.5-beta.17","v5.2.6","v5.2.6-beta.2","v5.2.6-beta.6","v5.2.6-beta.7","v5.2.6-beta.8","v5.2.6-beta.9","v5.2.7","v5.2.7-alpha.1","v5.2.7-beta.1","v5.2.7-beta.2","v5.2.8","v5.2.8-beta.1","v5.2.8-beta.11","v5.2.8-beta.12","v5.2.8-beta.17","v5.2.8-beta.23","v5.2.8-beta.24","v5.2.8-beta.7","v5.2.8-beta.9","v5.2.9","v5.2.9-beta.1","v5.2.9-beta.2","v5.2.9-beta.3","v5.2.9-beta.4","v5.2.9-beta.5","v5.2.9-beta.6","v5.3.0","v5.3.1","v5.3.1-beta.1","v5.3.1-beta.2","v5.3.1-beta.3","v5.3.2-beta.1","v5.3.2-beta.2","v5.3.2-beta.3","v5.3.2-pro.4","v5.3.3","v5.3.4","v5.3.4-beta.1","v5.3.5-beta.1","v5.3.5-beta.10","v5.3.5-beta.11","v5.3.5-beta.12","v5.3.5-beta.13","v5.3.5-beta.2","v5.3.5-beta.23","v5.3.5-beta.24","v5.3.5-beta.3","v5.3.5-pro.14","v5.3.5-pro.15","v5.3.5-pro.16","v5.3.5-pro.17","v5.3.5-pro.18","v5.3.5-pro.19","v5.3.5-pro.20","v5.3.5-pro.21","v5.3.5-pro.22","v5.4.0","v5.4.1","v5.4.1-beta.1","v5.4.1-beta.2","v5.4.2-beta.7","v5.4.2-pro.1","v5.4.2-pro.2","v5.4.2-pro.3","v5.4.2-pro.5","v5.4.2-pro.6","v5.4.4","v5.4.4-beta.1","v5.4.4-beta.11","v5.4.4-beta.12","v5.4.4-beta.2","v5.4.4-beta.3","v5.4.4-premium-beta.5","v5.4.5-beta.11","v5.4.5-beta.13","v5.4.5-beta.14","v5.4.5-beta.15","v5.4.5-beta.6","v5.4.5-beta.7","v5.4.5-premium-beta.12","v5.5.1","v5.5.2","v5.5.3","v5.5.3-beta.1","v5.5.3-beta.3","v5.5.3-beta.4","v5.5.4","v5.5.4-alpha.1","v5.5.4-alpha.2","v5.5.4-alpha.3","v5.5.4-alpha.4","v5.5.4-alpha.7","v5.5.4-alpha.8","v5.5.4-beta.10","v5.5.4-beta.5","v5.5.4-premium-beta.6","v5.5.4-premium-beta.9","v5.5.5","v5.5.5-beta.3","v5.5.5-premium-beta.1","v5.5.5-premium-beta.2","v5.5.5-premium-beta.4","v5.5.5-premium-beta.5","v5.5.6","v5.5.6-beta.1","v5.5.6-beta.11","v5.5.6-beta.3","v5.5.6-beta.4","v5.5.6-premium-beta.10","v5.5.6-premium-beta.2","v5.5.6-premium-beta.5","v5.5.6-premium-beta.6","v5.5.6-premium-beta.7","v5.5.6-premium-beta.8","v5.5.6-premium-beta.9","v5.5.7-alpha.16","v5.5.7-alpha.25","v5.5.7-alpha.26","v5.5.7-alpha.27","v5.5.7-alpha.28","v5.5.7-alpha.29","v5.5.7-alpha.52","v5.5.7-alpha.53","v5.5.7-alpha.60","v5.5.7-alpha.68","v5.5.7-beta.14","v5.5.7-beta.15","v5.5.7-beta.22","v5.5.7-beta.54","v5.5.7-beta.55","v5.5.7-beta.56","v5.5.7-beta.57","v5.5.7-beta.58","v5.5.7-beta.59","v5.5.7-beta.61","v5.5.7-beta.62","v5.5.7-beta.63","v5.5.7-beta.64","v5.5.7-beta.66","v5.5.7-beta.67","v5.5.7-beta.69","v5.5.7-packer-beta.1","v5.5.7-packer-beta.17","v5.5.7-packer-beta.18","v5.5.7-packer-beta.19","v5.5.7-packer-beta.2","v5.5.7-packer-beta.20","v5.5.7-packer-beta.21","v5.5.7-packer-beta.3","v5.5.7-packer-beta.4","v5.5.7-packer-beta.6","v5.5.7-packer-beta.7","v5.5.7-packer.17","v5.5.7-premium-beta.23","v5.5.7-premium-beta.24","v5.5.7-premium-beta.65","v6.0.0","v6.0.0-alpha.1","v6.0.0-beta.3","v6.0.0-beta.4","v6.0.0-premium-beta.2","v6.0.0-premium-beta.5","v6.0.0-premium-beta.6","v6.0.1-beta.3","v6.0.1-beta.4","v6.0.1-beta.5","v6.0.1-beta.6","v6.0.1-packer-beta.1","v6.0.1-packer-beta.2","v6.1.0","v6.1.1","v6.1.1-beta.1","v6.1.2","v6.1.2-beta.1","v6.1.2-beta.10","v6.1.2-beta.11","v6.1.2-beta.12","v6.1.2-beta.13","v6.1.2-beta.17","v6.1.2-beta.2","v6.1.2-beta.3","v6.1.2-beta.4","v6.1.2-beta.5","v6.1.2-beta.6","v6.1.2-beta.7","v6.1.2-beta.8","v6.1.2-beta.9","v6.1.2-premium-beta.14","v6.1.2-premium-beta.15","v6.1.2-premium-beta.16","v6.1.2-premium-beta.18","v6.1.3","v6.1.3-beta.2","v6.1.3-premium-beta.4","v6.2.1","v6.2.1-beta.1","v6.2.1-beta.3","v6.2.1-beta.4","v6.2.1-beta.5","v6.2.1-beta.8","v6.2.1-premium-beta.11","v6.2.1-premium-beta.2","v6.2.1-premium-beta.6","v6.2.1-premium-beta.7","v6.2.1-premium-beta.9","v6.2.2-beta.10","v6.2.2-packer-beta.2","v6.2.2-packer-beta.3","v6.2.2-packer-beta.4","v6.2.2-packer.1","v6.2.2-premium-beta.5","v6.2.2-premium-beta.6","v6.2.2-premium-beta.7","v6.2.2-premium-beta.8","v6.2.2-premium-beta.9","v6.3.2","v6.3.2-beta.1","v6.3.2-beta.2","v6.3.2-premium-beta.3","v6.3.2-premium-beta.4","v6.3.3","v6.3.3-premium-beta.1","v6.3.3-premium-beta.2","v6.3.4-beta.2","v6.3.4-beta.4","v6.3.4-premium-beta.1","v6.3.4-premium-beta.3","v6.3.4-premium-beta.5","v6.4.0","v6.4.1","v6.4.1-beta.2","v6.4.2","v6.4.2-beta.1","v6.4.2-premium-beta.2","v6.4.2-premium-beta.3","v6.4.3-alpha.1","v6.4.3-beta.3","v6.4.3-premium-beta.4","v6.4.3-premium-beta.5","v6.4.3-premium-beta.6","v6.4.3-premium-beta.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-50184.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"}]}