CNNVD-202508-1454 Information
CNNVD ID
CNNVD-202508-1454
Related CVE
- CNNVD Published: 2025-08-13
Description (Chinese)
Traq是Jack Polgar个人开发者的一套基于PHP 的项目管理和问题跟踪系统。 Traq 2.0至2.3版本存在安全漏洞,该漏洞源于admincp/common.php脚本授权逻辑缺陷,可能导致远程代码执行。
Description (English)
Traq is a PHP-based project management and problem tracking system for Jack Polgar personal developers. There is a security loophole in Traq versions 2.0 to 2.3, which originates from an admincp/common.php script authorized logical flaws that may lead to remote code implementation.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-08-13
Last Modified
2026-02-24
References
https://github.com/nirix/traq/releases/tag/v2.3.1 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/ https://traqproject.org/ https://web.archive.org/web/20110729003039/ https://www.exploit-db.com/exploits/18213 https://www.exploit-db.com/exploits/18239 https://www.vulncheck.com/advisories/traq-issue-tracking-system-rce
Patch
https://github.com/nirix/traq/releases
Share on: