Back to search
CVE-2000-1166
Published: Jun 25, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://twig.screwdriver.net/file.php3?file=CHANGELOG
x_refsource_CONFIRM
1998
vdb-entry
x_refsource_BID
20001124 Security problems with TWIG webmail system
mailing-list
x_refsource_BUGTRAQ
twig-php3-script-execute(5581)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now