calendar.php in Kamgaing Email System (kmail) 2.3 and previous versions allows remote malicious users to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kmail kmail |