Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
- https://www.exploit-db.com/exploits/18213
- https://www.exploit-db.com/exploits/18239
- https://www.vulncheck.com/advisories/traq-issue-tracking-system-rce
No PoCs found on GitHub currently.