By: Craig Knudsen - cknudsen
Security Warning: Please upgrade to 1.0RC2
2005-02-12 08:21
If you are running WebCalendar 0.9.45 or earlier in multiuser mode using web-based authentication, you should either upgrade to 1.0RC2 or patch your existing install.

Patches for 0.9.45 and earlier are available in the SourceForge patches area:

WebCalendar 1.0RC1 (and later) include these code changes.

You can download the latest version of WebCalendar (which include fixes for this) at:

The security hole allows a malicious user to access your database (add/delete/drop tables).

The details of this security exploit are expected to be published on Feb 15, 2005.