API Security Blog

PT-2025-34789 · Digital Creators Club Trap · Traq

Name of the Vulnerable Software and Affected Versions: traQ versions prior to 3.25.0

Description: traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by placing a high load on the database, potentially allowing unauthorized access to the recorded sensitive information by those with log file access.

Recommendations: Upgrade to version 3.25.0 or later. As a temporary workaround, review access permissions for SQL error logs and strictly limit access to prevent unauthorized users from viewing…
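
The temporary workaround above, as an added example that is not part of the advisory or of traQ's own code: a Python audit that flags an SQL error log readable beyond its owner and lists the error lines that carry a token-like quoted literal. The log format, table name, token pattern and owner-only permission policy are assumptions constructed for this illustration.

```python
import os
import re
import stat
import tempfile

# Assumed heuristic: a quoted literal of 20+ token-safe characters.
TOKEN_LIKE = re.compile(r"'([A-Za-z0-9_.\-]{20,})'")
SQL_STMT = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b", re.I)

# Constructed sample log; format, table name and token are made up.
SAMPLE = [
    "2025-01-01T00:00:00Z info request served path=/example",
    "2025-01-01T00:00:01Z error sql: context deadline exceeded; "
    "SELECT * FROM tokens_example WHERE access_token = "
    "'EXAMPLE-constructed-token-0123456789'",
    "2025-01-01T00:00:02Z error sql: connection refused",
]

def audit_log(path):
    """Return (readable_beyond_owner, line numbers leaking a literal)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumed policy: any group/other permission bit is too permissive.
    exposed = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for number, line in enumerate(fh, 1):
            if ("error" in line.lower() and SQL_STMT.search(line)
                    and TOKEN_LIKE.search(line)):
                hits.append(number)
    return exposed, hits

def redact(line):
    """Mask token-like literals before a line is shared or re-logged."""
    return TOKEN_LIKE.sub("'[REDACTED]'", line)

def demo():
    """Audit the sample at mode 0644, then again after tightening to 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sql-error.log")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("\n".join(SAMPLE) + "\n")
        os.chmod(path, 0o644)
        before = audit_log(path)
        os.chmod(path, 0o600)
        after = audit_log(path)
    return before, after

if __name__ == "__main__":
    print(demo())
    print(redact(SAMPLE[1]))
```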
