7 matches found
GO-2025-3913 traQ Allows Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ
traQ Allows Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
CVE-2025-57813
CVE-2025-57813 affects the traQ messenger (github.com/traPtitech/traQ). Before version 3.25.0, error handling during SQL queries can write sensitive data (e.g., OAuth tokens) to log files. An attacker with log access could trigger SQL errors to illicitly read recorded secrets. The issue is fixed ...
CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ
traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...
CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ
traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...
CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...
CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...
Traq 安全漏洞
Traq is a PHP-based project management and issue tracking system from the individual developer Jack Polgar. A security vulnerability exists in Traq versions 2.0 through 2.3, which stems from a flaw in the authorization logic of the admincp/common.php script that could lead to remote code executio...