Pingux

**Name of the Vulnerable Software and Affected Versions** ACal version 2.2.6 **Description** A remote file inclusion issue in day.php allows remote attackers to execute arbitrary PHP code via a URL in the `path` parameter. **Recommendations** For ACal version 2.2.6, update to a version that fixes this issue, as using a vulnerable version allows remote attackers to execute arbitrary PHP code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.