Multiple SQL injection vulnerabilities have been reported in PHP Website. These issue may be exploited by sending a malicious request to the calendar script. Possible consequencs of exploitation include compromise of the site and disclosure of sensitive information.
phpWebSite contains a flaw that will allow an attacker to inject arbitrary SQL
code. The problem is that the "year" variable in the "calendar" module is
not verified properly and will allow an attacker to inject or manipulate SQL
Upgrade to version 0.8.3 or higher, as it has been reported to fix this
vulnerability. An upgrade is required as there are no known workarounds.