CVE-2001-1045

Basilix Webmail 1.0.3beta - Directory Traversal via request_id[DUMMY] Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1045. PoCs published by karol _.

AI-analyzed exploit summary The exploit describes a file inclusion vulnerability in Basilix webmail due to improper input validation, allowing remote attackers to read arbitrary files or execute PHP files via path traversal. The provided URL demonstrates the attack vector.

Description

Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by karol _ · textwebappsphp
https://www.exploit-db.com/exploits/20996

The exploit describes a file inclusion vulnerability in Basilix webmail due to improper input validation, allowing remote attackers to read arbitrary files or execute PHP files via path traversal. The provided URL demonstrates the attack vector.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Basilix webmail (version unspecified)
No auth needed
Prerequisites: Network access to the target application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2995
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6873

Scores

EPSS 0.0376
EPSS Percentile 88.7%

Details

Status published
Products (2)
basilix/basilix_webmail 1.02_beta
basilix/basilix_webmail 1.03_beta
Published Jul 06, 2001
Tracked Since Feb 18, 2026