CVE-2005-3984
SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the timerange parameter to editreporthandler.php. NOTE: the startid/activitylog.php vector is already covered by CVE-2005-3949...