Basilix Basilix Webmail — known CVE vulnerabilities
Every CVE whose affected-product data names Basilix Basilix Webmail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2001-1044 — CVSS 7.5 (high): Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict…
CVE-2002-1708 — CVSS 6.8 (medium): Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by…
CVE-2002-1709 — CVSS 6.4 (medium): SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the…
CVE-2006-5167 — CVSS 5.1 (medium): Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a…
CVE-2001-1045 — CVSS 5.0 (medium): Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files…
CVE-2002-1710 — CVSS 3.6 (low): The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came…
CVE-2002-1711 — CVSS 2.1 (low): BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.