This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Dedi Dwianto a.k.a the_day reports :
Input passed to the '$calpath' parameter in update.php is not properly
verified before being used. This can be exploited to execute arbitrary
PHP code by including files from local or external resources.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.8
Public Exploit Available : true