dbgate-api · IA Squad

Skip to content

js · dbgate-apiCritical

DbGate API: Arbitrary Code Execution via Unsanitized functionName in POST /runners/load-reader

The POST /runners/load-reader endpoint directly interpolates the functionName parameter into a JavaScript code template without sa

09 Jun 2026 · act now