Traq <= 2.3 Authentication Bypass / PHP Code Injection Vulnerability
Traq contains a flaw that allows a remote attacker to execute arbitrary PHP code. The flaw is caused due to admin rights not properly being restricted in the
authenticate() function defined in admincp/common.php. This allows attackers to bypass the authentication mechanism and have access to admin functionalities, resulting in execution of arbitrary PHP code.
December 7, 2011