Kessler Consulting · Webcalendar · CVE-2005-0474
**Name of the Vulnerable Software and Affected Versions**
WebCalendar version 0.9.45
**Description**
A SQL injection issue exists in the user valid crypt function in user.php, allowing remote attackers to execute arbitrary SQL commands via an encoded webcalendar session cookie.
**Recommendations**
For WebCalendar version 0.9.45, consider disabling the user valid crypt function in user.php as a temporary workaround until a patch is available. Restrict access to the user.php module to minimize the risk of exploitation. Avoid using the webcalendar session cookie in the affected API endpoint until the issue is resolved.