Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote malicious users to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mambo mambo calendar 1.5.5 |