Access Control: DbGate Web Client - Unauthenticated Remote Command Execution

Identifier: dbgate_unauth_rce

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

DbGate Web Client Management is susceptible to unauthenticated remote code execution, which allows attackers to execute arbitrary commands without authentication.

How we test: We test for unauthenticated remote code execution vulnerabilities in DbGate by attempting to execute commands without authentication and analyzing responses to detect if arbitrary code execution is possible.

Reference:

Configuration

Example

Example configuration:

---
security_tests:
  dbgate_unauth_rce:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.