It is reported that some, or all of these issues have been corrected in the CVS versions of the package. This has not been confirmed. Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
WebCalendar contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered when sending a specially crafted URL request to the 'view_entry.php' script, which may allow a remote attacker to bypass authentication settings and gain access to the administrative interface resulting in a loss of confidentiality and/or integrity.
Upgrade to version 0.9.45 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.