PT-2025-47158

Name of the Vulnerable Software and Affected Versions QaTraq version 6.9.2 Description Authenticated users can upload arbitrary files through the "Add Attachment" feature within the "Test Script" module. The application does not restrict file types, allowing the upload of executable PHP files...

EUVD-2018-13323

Malware in sbrugna...

EUVD-2018-13322

Malware in sbrugna...

EUVD-2011-5239

Malware in sbrugna...

EUVD-2025-25835

Malicious code in bioql PyPI...

GO-2025-3913 traQ Allows Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ

traQ Allows Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVE-2025-57813

CVE-2025-57813 affects the traQ messenger (github.com/traPtitech/traQ). Before version 3.25.0, error handling during SQL queries can write sensitive data (e.g., OAuth tokens) to log files. An attacker with log access could trigger SQL errors to illicitly read recorded secrets. The issue is fixed ...

CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...

CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...

CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...

traQ 日志信息泄露漏洞

traq is a PHP-based project management and issue tracking system by Jack Polgar, a personal developer. A log information disclosure vulnerability exists in versions of traQ prior to 3.25.0, which stems from recording sensitive information in SQL error logs, which could lead to information...

CVE-2011-10013

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...

CVE-2011-10013

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...

CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...

CVE-2011-10013

CVE-2011-10013 affects Traq versions 2.0–2.3. The vulnerability resides in admincp/common.php where flawed authorization allows unauthenticated access to admin-only functionality via plugins.php, enabling remote code execution. Documented exploit references exist (e.g., Exploit-DB entries; Metasp...

CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...

PT-2025-33082 · Traq · Traq

Name of the Vulnerable Software and Affected Versions: Traq versions 2.0 through 2.3 Description: Traq versions 2.0 through 2.3 contain a remote code execution issue in the admincp/common.php script. The flawed authorization logic does not halt execution after a failed access check, allowing...

Traq 安全漏洞

Traq is a PHP-based project management and issue tracking system from the individual developer Jack Polgar. A security vulnerability exists in Traq versions 2.0 through 2.3, which stems from a flaw in the authorization logic of the admincp/common.php script that could lead to remote code executio...

CVE-2018-20780

Traq 3.7.1 allows admin/users/new CSRF to create an admin account aka groupid=1...

CVE-2018-20779

Traq 3.7.1 allows SQL Injection via a tickets?search= URI...