[Original text] Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts.
Trac contains a flaw that may allow a malicious user to upload and access arbitrary files. The issue is due to insufficient validation of the 'id' variable. An attacker can supply arbitrary paths to the attachment upload and viewer scripts, resulting in a loss of integrity.
Upgrade to version 0.8.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
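
The class of flaw described above, as an added Python example (not Trac's code and not the 0.8.4 fix): a path builder that joins a request-supplied id unchecked, next to a hardened one that validates each component and confirms the resolved path stays under the storage root. The storage root, the function names and the type/id/filename layout are assumptions for illustration.

```python
import os

# Constructed sample root; an assumption, not Trac's actual layout.
ATTACHMENT_ROOT = "/var/trac/attachments"


class UnsafePath(ValueError):
    """Raised when a request-supplied component would leave the storage root."""


def naive_attachment_path(root, parent_type, parent_id, filename):
    # The pattern the advisory describes: 'id' is joined into the path
    # unchecked, so ".." entries in it walk out of the storage root.
    return os.path.normpath(os.path.join(root, parent_type, parent_id, filename))


def _check_component(value):
    # Accept exactly one path component: non-empty, no separators,
    # no "." or ".." entries, no NUL byte.
    if (not value or value in (".", "..") or "\x00" in value
            or "/" in value or "\\" in value):
        raise UnsafePath(repr(value))
    return value


def safe_attachment_path(root, parent_type, parent_id, filename):
    parts = [_check_component(p) for p in (parent_type, parent_id, filename)]
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *parts))
    # Defence in depth: after symlinks are resolved, the result must
    # still sit under the storage root.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise UnsafePath(candidate)
    return candidate
```

The same check has to run on both the upload (write) and the viewer (read) code paths, since the advisory names both scripts.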