Vendor
Traptitech
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-10013 | Cri | 0.74 | — | 0.01 | Aug 13, 2025 | Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be… | ||
| CVE-2025-57813 | Med | 0.31 | 5.9 | 0.00 | Aug 26, 2025 | traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could… | ||
| CVE-2018-20779 | 0.00 | — | 0.02 | Feb 11, 2019 | Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | |||
| CVE-2018-20780 | 0.00 | — | 0.01 | Feb 11, 2019 | Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). |
- risk 0.74cvss —epss 0.01
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be…
- risk 0.31cvss 5.9epss 0.00
traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could…
- CVE-2018-20779Feb 11, 2019risk 0.00cvss —epss 0.02
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
- CVE-2018-20780Feb 11, 2019risk 0.00cvss —epss 0.01
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).