diff --git a/api/src/Mail.php b/api/src/Mail.php
index 1fa6db7d55..cc71dbb6e1 100644
--- a/api/src/Mail.php
+++ b/api/src/Mail.php
@@ -6818,7 +6818,7 @@ class Mail
 							if ($URI_params['mailbox'] && $URI_params['uid'] && $URI_params['cid'])
 							{
 								$mail_bo->reopen(base64_decode($URI_params['mailbox']));
-								$attachment = $mail_bo->getAttachmentByCID($URI_params['uid'], base64_decode($URI_params['cid']),base64_decode($URI_params['partID']),true);
+								$attachment = $mail_bo->getAttachmentByCID(base64_decode($URI_params['uid']), base64_decode($URI_params['cid']),base64_decode($URI_params['partID']),true);
 								$mail_bo->closeConnection();
 								if ($attachment)
 								{
diff --git a/mail/inc/class.mail_ui.inc.php b/mail/inc/class.mail_ui.inc.php
index 00c84cb48d..f4b6bbdfb6 100644
--- a/mail/inc/class.mail_ui.inc.php
+++ b/mail/inc/class.mail_ui.inc.php
@@ -2678,7 +2678,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
 	 */
 	function displayImage()
 	{
-		$uid	= $_GET['uid'];
+		$uid	= base64_decode($_GET['uid']);
 		$cid	= base64_decode($_GET['cid']);
 		$partID = urldecode($_GET['partID']);
 		if (!empty($_GET['mailbox'])) $mailbox  = base64_decode($_GET['mailbox']);
@@ -3602,7 +3602,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
 			{
 				$linkData = array (
 					'menuaction'    => 'mail.mail_ui.displayImage',
-					'uid'		=> $_uid,
+					'uid'		=> base64_encode($_uid),
 					'mailbox'	=> base64_encode($_mailbox),
 					'cid'		=> base64_encode($_cid),
 					'partID'	=> $_partID,