Lucene search
K

65 matches found

NVD
NVD
added 2019/02/11 2:29 a.m.13 views

CVE-2018-20779

Traq 3.7.1 allows SQL Injection via a tickets?search= URI...

9.8CVSS9.8AI score0.01973EPSS
Exploits1References1
OSV
OSV
added 2019/02/11 2:29 a.m.4 views

CVE-2018-20779

Traq 3.7.1 allows SQL Injection via a tickets?search= URI...

9.8CVSS5.8AI score0.01973EPSS
Exploits1References1
OSV
OSV
added 2019/02/11 2:29 a.m.2 views

CVE-2018-20780

Traq 3.7.1 allows admin/users/new CSRF to create an admin account aka groupid=1...

8.8CVSS5.8AI score0.00804EPSS
Exploits1References1
Prion
Prion
added 2019/02/11 2:29 a.m.12 views

Sql injection

Traq 3.7.1 allows SQL Injection via a tickets?search= URI...

7.5CVSS9.8AI score0.01973EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/02/11 2:29 a.m.12 views

Cross site request forgery (csrf)

Traq 3.7.1 allows admin/users/new CSRF to create an admin account aka groupid=1...

6.8CVSS8.6AI score0.00804EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/02/11 2:0 a.m.15 views

CVE-2018-20780

Traq 3.7.1 allows admin/users/new CSRF to create an admin account aka groupid=1...

8.7AI score0.00804EPSS
Exploits1References1
CVE
CVE
added 2019/02/11 2:0 a.m.39 views

CVE-2018-20779

The connected sources confirm a concrete vulnerability in Traq 3.7.1: an SQL Injection via the URI parameter tickets?search=, caused by insufficient input validation. Affected component is the Traq web application (PHP-based project management/issue tracker) and the flaw enables manipulation of S...

9.8CVSS9.7AI score0.01973EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/02/11 2:0 a.m.18 views

CVE-2018-20779

Traq 3.7.1 allows SQL Injection via a tickets?search= URI...

9.9AI score0.01973EPSS
Exploits1References1
CVE
CVE
added 2019/02/11 2:0 a.m.36 views

CVE-2018-20780

The CVE-2018-20780 entry concerns Traq 3.7.1, where a cross-site request forgery allows an attacker to trigger creation of an admin account (group_id=1). The vulnerability is CSRF in the web application, enabling unauthorized admin account creation without requiring user interaction beyond a craf...

8.8CVSS8.6AI score0.00804EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2019/02/11 12:0 a.m.1 views

Traq SQL Injection Vulnerability

Traq is a PHP-based project management and issue tracking system. Traq suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to execute illegal SQL commands...

9.8CVSS8.2AI score0.01973EPSS
Exploits1References1
CNVD
CNVD
added 2019/02/11 12:0 a.m.1 views

Traq Cross-Site Request Forgery Vulnerability

Traq is a PHP-based project management and issue tracking system. Traq suffers from a cross-site request forgery vulnerability that arises from a WEB application that does not adequately validate that a request is coming from a trusted user. An attacker could use this vulnerability to send...

8.8CVSS6.9AI score0.00804EPSS
Exploits1References1
0day.today
0day.today
added 2018/10/23 12:0 a.m.27 views

Traq 3.7.1 CSRF / XSS / SQL Injection Vulnerabilities

Exploit for php platform in category web applications ================================================= Synopsis: Traq vulnerable to XSS, Admin account creation CSRF, SQL Injection, Lack of session timeout. Product: Traq Version: 3.7.1 Vendor site: https://traq.io/ Researcher: Matt Landers...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2018/10/22 12:0 a.m.26 views

Traq 3.7.1 CSRF / XSS / SQL Injection

================================================= Synopsis: Traq vulnerable to XSS, Admin account creation CSRF, SQL Injection, Lack of session timeout. Product: Traq Version: 3.7.1 Vendor site: https://traq.io/ Researcher: Matt Landers [email protected] twitter.com/matthewjland...

0.5AI score
Exploits0
Circl
Circl
added 2018/05/29 3:50 p.m.4 views

CVE-2011-10013

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/traqpluginexec.rb 2025-10-23 21:12:56+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

10CVSS5.7AI score0.01489EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Traq <= 2.3 Authentication Bypass / Remote Code Execution Exploit

No description provided by source. ?php / ----------------------------------------------------------------- Traq = 2.3 Authentication Bypass / Remote Code Execution Exploit ----------------------------------------------------------------- author...............: Egidio Romano aka EgiX...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

traq 2.3.5 - Multiple Vulnerabilities

No description provided by source. ==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered project manager, capabl...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/11/12 12:0 a.m.31 views

Traq admincp/common.php authenticate() Function Authentication Bypass Remote Code Execution

The version of Traq installed on the remote host contains a flaw that could allow a remote attacker to bypass the authentication mechanism and inject and execute arbitrary code. The flaw is caused by the application failing to properly restrict admin rights in the 'authenticate' function in...

6.2AI score
Exploits0References1
securityvulns
securityvulns
added 2012/06/25 12:0 a.m.90 views

traq-2.3.5_CSRF_XSS_SQL_INjeCTION_vulns

==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered project manager, capable of tracking issues for multiple...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2012/06/21 12:0 a.m.45 views

Traq 2.3.5 CSRF / XSS / SQL Injection

==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered project manager, capable of tracking issues for multiple...

0.5AI score
Exploits0
0day.today
0day.today
added 2012/06/21 12:0 a.m.31 views

Traq 2.3.5 CSRF / XSS / SQL Injection Vulnerability

Exploit for php platform in category web applications ==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered...

7.1AI score
Exploits0
Rows per page
Query Builder