CVE-2011-10013
Traq 2.0โ2.3 admincp/common.php RCE
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
| CWE | CWE-94 CWE-306 |
| Vendor | traq project |
| Product | issue tracking system |
| Published | Aug 13, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for traq project issue tracking system
Be the first to know when new unknown vulnerabilities affecting traq project issue tracking system are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Traq Project / Issue Tracking System
2.0 < 2.3
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/traq_plugin_exec.rb exploit-db.com: https://www.exploit-db.com/exploits/18213 exploit-db.com: https://www.exploit-db.com/exploits/18239 web.archive.org: https://web.archive.org/web/20110729003039/https://traqproject.org/ github.com: https://github.com/nirix/traq/releases/tag/v2.3.1 vulncheck.com: https://www.vulncheck.com/advisories/traq-issue-tracking-system-rce
Credits
Egidio Romano aka EgiX