Описание
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
Ссылки
EPSS
Процентиль: 98%
0.60003
Средний
Дефекты
CWE-94
Связанные уязвимости
github
6 месяцев назад
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
EPSS
Процентиль: 98%
0.60003
Средний
Дефекты
CWE-94