Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.Referenceshttp://www.securityfocus.com/bid/23435http://osvdb.org/37583https://www.exploit-db.com/exploits/3713http://osvdb.org/37584
