SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/61637http://securityreason.com/securityalert/8445http://packetstormsecurity.org/1009-exploits/coldcalendar-sql.txthttp://www.securityfocus.com/bid/43035http://secunia.com/advisories/41333http://www.exploit-db.com/exploits/14932
