Traq authenticate function remote code execution

Added: 12/27/2011
BID: 50961
OSVDB: 77556

Background

Traq is a PHP5+ and MySQL4+ based Project Tracking system with the ability to host multiple projects.

Problem

The flaw is caused due to admin rights not properly being restricted in the "authenticate()" function in admincp/common.php. This can be exploited to execute arbitrary code.

Resolution

Upgrade to Traq 2.3.1 or later.

References

http://www.exploit-db.com/exploits/18213
http://secunia.com/advisories/47108

Limitations

This exploit has been tested against Traq 2.3 on Linux.

Platforms

Linux

Back to exploit index