Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access

high Nessus Plugin ID 11072


The remote web server contains a PHP script that is prone to a remote file include attack.


The script 'basilix.php3' is installed on the remote web server. Some versions of this webmail software allow the users to read any file on the system with the permission of the webmail software, and execute any PHP.


Update Basilix or remove DUMMY from

See Also

Plugin Details

Severity: High

ID: 11072

File Name: basilix_webmail.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 8/14/2002

Updated: 1/19/2021

Configuration: Enable paranoid mode

Risk Information


Risk Factor: Medium

Score: 4.2


Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: imap/login, imap/password, Settings/ParanoidReport, www/PHP

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/6/2001

Reference Information

CVE: CVE-2001-1045

BID: 2995