CVE-2011-10013

Publication date

2025-08-13 20:54:16

Family

VulnCheck

State

PUBLISHED

Description

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.