https://www.securityfocus.com/bid/89839
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-183

EdgewallTrac0.8.3及早期版本中存在目录遍历漏洞，远程攻击者可借助提交到(1)upload脚本或(2)attachment脚本中的id参数中的”..”(参数中包含’..’)，来读或写任意文件。

Edgewall Software Trac 0.8.3

Edgewall Software Trac 0.8.1

Edgewall Software Trac 0.6.1

Edgewall Software Trac 0.5.2

Edgewall Software Trac 0.0.13

Edgewall Software Trac

来源:MISC
链接:http://www.hardened-php.net/advisory-012005.php
来源:SECUNIA
名称:15752
链接:http://secunia.com/advisories/15752
来源:FULLDISC
名称:20050619Advisory01/2005:Fileupload/downloadvulnerabilityinTrac
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034618.html
来源:svn.edgewall.com
链接:http://svn.edgewall.com/repos/trac/tags/trac-0.8.4/ChangeLog