Unrated severityNVD Advisory· Published Jan 9, 2001· Updated Apr 16, 2026

CVE-2000-1166

Description

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

Affected products

Twig Development Team/Twig
cpe:2.3:a:twig_development_team:twig:2.5.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/1998nvdPatchVendor Advisory
archives.neohapsis.com/archives/bugtraq/2000-11/0351.htmlnvdVendor Advisory
twig.screwdriver.net/file.php3nvd
exchange.xforce.ibmcloud.com/vulnerabilities/5581nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000