See:
http://sourceforge.net/forum/forum.p...forum_id=11587

By: Craig Knudsen - cknudsen
Security Warning: Please upgrade to 1.0RC2
2005-02-12 08:21
If you are running WebCalendar 0.9.45 or earlier in multiuser mode using web-based authentication, you should either upgrade to 1.0RC2 or patch your existing install.

Patches for 0.9.45 and earlier are available in the SourceForge patches area:

https://sourceforge.net/tracker/inde...70&atid=303870

WebCalendar 1.0RC1 (and later) include these code changes.

You can download the latest version of WebCalendar (which include fixes for this) at:

http://www.k5n.us/webcalendar.php?topic=Download

The security hole allows a malicious user to access your database (add/delete/drop tables).

The details of this security exploit are expected to be published on Feb 15, 2005.