Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-1166

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-1166
Last Modified 05 Sep 2008 04:22:49
Published 09 Jan 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-1166

Summary

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

Vulnerable Systems

Application

  • Twig Development Team Twig 2.5.1


References

BID - 1998

CONFIRM - http://twig.screwdriver.net/file.php3?file=CHANGELOG

BUGTRAQ - 20001124 Security problems with TWIG webmail system

XF - twig-php3-script-execute(5581)


Last Updated: 27 May 2016 10:36:03