Traq is a PHP5+ and MySQL4+ based Project Tracking system with the ability to host multiple projects.
The flaw is caused due to admin rights not properly being restricted in the "authenticate()" function in admincp/common.php. This can be exploited to execute arbitrary code.
Upgrade to Traq 2.3.1 or later.
This exploit has been tested against Traq 2.3 on Linux.