MidnightBSD

Advisories for traq

CVE-2018-20779 HIGH

Traq 3.7.1 allows SQL Injection via a tickets?search= URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor  Product  Version
traq    traq     3.7.1

CVE-2018-20780 MEDIUM

Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor  Product  Version
traq    traq     3.7.1