Php Fusion · Php-Fusion Expanded Calendar 2.X · CVE-2007-5187
**Name of the Vulnerable Software and Affected Versions**
PHP-Fusion Expanded Calendar 2.x module version 2.x
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `sel` parameter in the infusions/calendar events panel/show single.php file.
**Recommendations**
For PHP-Fusion Expanded Calendar 2.x module version 2.x, avoid using the `sel` parameter in the /infusions/calendar events panel/show single.php endpoint until the issue is resolved.