PostCalendar is an online events calendar. Allowing for one time or recurring events and calendar sharing with multiple categories and PostNuke topics integration.
Vulnerable versions can be exploited through SQL injection within the search function.
It is recommended that all admins upgrade their sites to v4.0.1 or apply the latest security fix package for v4.0.1 available right now from the locations listed below.
No references are currently available on the net.
1. PostCalendar 4.0.1 Fullpackage (.zip format)
MD5 checksum: 85f28144f36b1487366f654f4f800830
2. PostCalendar 4.0.1 fixed files only (.zip format)
MD5 checksum: 4b5fd57053c8577eeefef50cd1d19279
Just replace the files contained in this patch into your PostCalendar directory to have your PC patched. Remember that a backup/dump is always a good idea prior to any update.
This exploit has been originally found by Klavs Klavsen and the Security Forum Denmark (sikkerhedsforum.dk) and has been reported on 2003-12-10.