search.results.php in HiveMail 3.1 and earlier allows remote attackers to obtain the installation path via certain manipulations related to the (1) searchdate and (2) folderids parameters.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Hivemail | Hivemail | 1.2_sp1 | 1.2_sp1 |
Hivemail | Hivemail | 1.2 | 1.2 |
Hivemail | Hivemail | * | 3.1 |
Hivemail | Hivemail | 1.2.2 | 1.2.2 |
Hivemail | Hivemail | 1.3_beta1 | 1.3_beta1 |
Hivemail | Hivemail | 1.1.1 | 1.1.1 |
Hivemail | Hivemail | 1.3_rc1 | 1.3_rc1 |
Hivemail | Hivemail | 1.3 | 1.3 |
Hivemail | Hivemail | 1.2.1_rc | 1.2.1_rc |
Hivemail | Hivemail | 1.2.1_beta1 | 1.2.1_beta1 |
Hivemail | Hivemail | 1.1 | 1.1 |