VYPR
Vendor

Twig Development Team

Products: 2
CVEs: 5
Across products: 5
Status: Private

Recent CVEs (5)
  • CVE-2001-1537 | High | Dec 31, 2001
    risk 0.49 | cvss 7.5 | epss 0.01

    The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

  • CVE-2018-13818 | Critical | Jul 10, 2018
    risk 0.01 | cvss 9.8 | epss 0.07

    Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.

  • CVE-2001-1361 | Jul 19, 2001
    risk 0.00 | cvss - | epss 0.01

    Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.

  • CVE-2001-1348 | May 28, 2001
    risk 0.00 | cvss - | epss 0.01

    TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.

  • CVE-2000-1166 | Jan 9, 2001
    risk 0.00 | cvss - | epss 0.02

    Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.