Twig Development Team
Products (2)
- 4 CVEs
- 1 CVE
Recent CVEs (5)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-1537 | | Hig | 0.49 | 7.5 | 0.01 | | Dec 31, 2001 | The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. |
| CVE-2018-13818 | | Cri | 0.01 | 9.8 | 0.07 | | Jul 10, 2018 | Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it. |
| CVE-2001-1361 | | | 0.00 | — | 0.01 | | Jul 19, 2001 | Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links. |
| CVE-2001-1348 | | | 0.00 | — | 0.01 | | May 28, 2001 | TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter. |
| CVE-2000-1166 | | | 0.00 | — | 0.02 | | Jan 9, 2001 | Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program. |