CVE-2007-2049 Information

Description

Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.

Reference

http://osvdb.org/37583 http://osvdb.org/37584 http://www.securityfocus.com/bid/23435 https://www.exploit-db.com/exploits/3713