Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| traq | traq | 3.7.1 |
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| traq | traq | 3.7.1 |