CVE-2018-20779
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
9.8CVSS
9.7AI Score
0.003EPSS
CVE-2018-20780
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).
8.8CVSS
8.6AI Score
0.001EPSS