Vulnerabilities for 'TRAQ'

2019-02-10
 
CVE-2018-20780

CWE-352
 

 
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).

 
 
CVE-2018-20779

CWE-89
 

 
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.

 


Copyright 2019, cxsecurity.com

 
