Traq 'authenticate()'函数远程代码执行漏洞

Bugtraq ID: 50961 Traq是一款基于PHP/MySQL的项目管理软件 定义在/admincp/common.php中的authenticate函数存在错误： 27. function authenticate 28. 29. global $user; 30. 31. if!$user-group'isadmin' 32. header"Location: login.php"; 33...

Traq 2.2 - Multiple SQL Injections / Cross-Site Scripting

source: https://www.securityfocus.com/bid/49835/info Traq is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication...

Traq 2.2 - Multiple SQL Injections Cross-Site Scripting

Traq 2.2 - Multiple SQL Injections Cross-Site Scripting source: https://www.securityfocus.com/bid/49835/info Traq is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow...