What is CVE-2011-10013?

CVE-2011-10013 is a vulnerability in Traq Project Issue Tracking System, classified under Code Injection. Published 2025-08-13.

Is CVE-2011-10013 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Traq Project Issue Tracking System

CVE-2011-10013

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.637 (98.4th percentile) — read the EPSS interpretation.

Affected products

Traq Project Issue Tracking System — versions 2.0

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/m… (exploit)
www.exploit-db.com/exploits/18213 (exploit)
www.exploit-db.com/exploits/18239 (exploit)
web.archive.org/web/20110729003039/https://traqproject.org/ (product)
github.com/nirix/traq/releases/tag/v2.3.1 (patch)
www.vulncheck.com/advisories/traq-issue-tracking-system-rce (third-party-advisory)

Frequently asked questions

What is CVE-2011-10013?: CVE-2011-10013 is a vulnerability in Traq Project Issue Tracking System, classified under Code Injection. Published 2025-08-13.
Is CVE-2011-10013 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.