V-webmail 1.5.0 allows remote malicious users to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
v-webmail v-webmail 1.5.0 |