Public exploit · Metasploit Module
Traq admincp/common.php Remote Code Execution
Exploit summary
This module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. The vulnerability exists in the admincp/common.php script where the header() function fails to halt execution flow, allowing malicious users to bypass authentication and leverage plugin functionality for arbitrary PHP code execution.
Source & references