Traq 'authenticate()' Function Remote Code Execution Vulnerability

Bugtraq ID:	50961
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 07 2011 12:00AM
Updated:	Dec 13 2011 08:08PM
Credit:	EgiX
Vulnerable:	Traq Traq 2.3 Traq Traq 2.2
Not Vulnerable:	Traq Traq 2.3.1

Traq 'authenticate()' Function Remote Code Execution Vulnerability

Traq is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with admin privileges. Failed exploit attempts will result in a denial-of-service condition.

Traq versions prior to 2.3.1 are vulnerable.

Traq 'authenticate()' Function Remote Code Execution Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/50961.php

Traq 'authenticate()' Function Remote Code Execution Vulnerability

Solution:
Vendor updates are available. Please see the references for details.

Traq 'authenticate()' Function Remote Code Execution Vulnerability

References:

• QaTraq Homepage (QaTraq)