CVE-2011-10013

Critical CVSS 10.0

Overview

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.

CWE: CWE-94 Published: 2025-08-13T21:15:28.607

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 10.0 (CRITICAL)
Detected tags: rce (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags