65 matches found
CVE-2018-20779
Traq 3.7.1 allows SQL Injection via a tickets?search= URI...
CVE-2018-20779
Traq 3.7.1 allows SQL Injection via a tickets?search= URI...
CVE-2018-20780
Traq 3.7.1 allows admin/users/new CSRF to create an admin account aka groupid=1...
Sql injection
Traq 3.7.1 allows SQL Injection via a tickets?search= URI...
Cross site request forgery (csrf)
Traq 3.7.1 allows admin/users/new CSRF to create an admin account aka groupid=1...
CVE-2018-20780
Traq 3.7.1 allows admin/users/new CSRF to create an admin account aka groupid=1...
CVE-2018-20779
The connected sources confirm a concrete vulnerability in Traq 3.7.1: an SQL Injection via the URI parameter tickets?search=, caused by insufficient input validation. Affected component is the Traq web application (PHP-based project management/issue tracker) and the flaw enables manipulation of S...
CVE-2018-20779
Traq 3.7.1 allows SQL Injection via a tickets?search= URI...
CVE-2018-20780
The CVE-2018-20780 entry concerns Traq 3.7.1, where a cross-site request forgery allows an attacker to trigger creation of an admin account (group_id=1). The vulnerability is CSRF in the web application, enabling unauthorized admin account creation without requiring user interaction beyond a craf...
Traq SQL Injection Vulnerability
Traq is a PHP-based project management and issue tracking system. Traq suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to execute illegal SQL commands...
Traq Cross-Site Request Forgery Vulnerability
Traq is a PHP-based project management and issue tracking system. Traq suffers from a cross-site request forgery vulnerability that arises from a WEB application that does not adequately validate that a request is coming from a trusted user. An attacker could use this vulnerability to send...
Traq 3.7.1 CSRF / XSS / SQL Injection Vulnerabilities
Exploit for php platform in category web applications ================================================= Synopsis: Traq vulnerable to XSS, Admin account creation CSRF, SQL Injection, Lack of session timeout. Product: Traq Version: 3.7.1 Vendor site: https://traq.io/ Researcher: Matt Landers...
Traq 3.7.1 CSRF / XSS / SQL Injection
================================================= Synopsis: Traq vulnerable to XSS, Admin account creation CSRF, SQL Injection, Lack of session timeout. Product: Traq Version: 3.7.1 Vendor site: https://traq.io/ Researcher: Matt Landers [email protected] twitter.com/matthewjland...
CVE-2011-10013
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/traqpluginexec.rb 2025-10-23 21:12:56+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
Traq <= 2.3 Authentication Bypass / Remote Code Execution Exploit
No description provided by source. ?php / ----------------------------------------------------------------- Traq = 2.3 Authentication Bypass / Remote Code Execution Exploit ----------------------------------------------------------------- author...............: Egidio Romano aka EgiX...
traq 2.3.5 - Multiple Vulnerabilities
No description provided by source. ==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered project manager, capabl...
Traq admincp/common.php authenticate() Function Authentication Bypass Remote Code Execution
The version of Traq installed on the remote host contains a flaw that could allow a remote attacker to bypass the authentication mechanism and inject and execute arbitrary code. The flaw is caused by the application failing to properly restrict admin rights in the 'authenticate' function in...
traq-2.3.5_CSRF_XSS_SQL_INjeCTION_vulns
==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered project manager, capable of tracking issues for multiple...
Traq 2.3.5 CSRF / XSS / SQL Injection
==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered project manager, capable of tracking issues for multiple...
Traq 2.3.5 CSRF / XSS / SQL Injection Vulnerability
Exploit for php platform in category web applications ==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered...