Traq
by Traq
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-10013 | Cri | 0.68 | — | 0.01 | Aug 13, 2025 | Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be… | ||
| CVE-2018-20779 | Cri | 0.64 | 9.8 | 0.02 | Feb 11, 2019 | Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | ||
| CVE-2018-20780 | Hig | 0.57 | 8.8 | 0.01 | Feb 11, 2019 | Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). |
- risk 0.68cvss —epss 0.01
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be…
- risk 0.64cvss 9.8epss 0.02
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
- risk 0.57cvss 8.8epss 0.01
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).