CVE-2007-3515
This CVE-2007-3515 entry describes a SQL injection in view_event.php of TotalCalendar 2.402 and earlier, exploitable via the id parameter to allow remote arbitrary SQL execution. The affected component is the view_event.php script; root cause is improper input handling in the query construction. ...