VYPR

Traq

by Traq

CVEs (3)

  • CVE-2011-10013CriAug 13, 2025
    risk 0.68cvss epss 0.01

    Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be…

  • CVE-2018-20779CriFeb 11, 2019
    risk 0.64cvss 9.8epss 0.02

    Traq 3.7.1 allows SQL Injection via a tickets?search= URI.

  • CVE-2018-20780HigFeb 11, 2019
    risk 0.57cvss 8.8epss 0.01

    Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).