This Metasploit module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located into /admicp/ directory to make sure the user has admin rights, but this is a broken authorization schema due to the header() function not stopping the execution flow.
dffc7356e911b26d771f5011bfe215352e628f842cedc4e8945c25cf29569ed8