CVE-2018-20780
The CVE-2018-20780 entry concerns Traq 3.7.1, where a cross-site request forgery allows an attacker to trigger creation of an admin account (group_id=1). The vulnerability is CSRF in the web application, enabling unauthorized admin account creation without requiring user interaction beyond a craf...