Name of the Vulnerable Software and Affected Versions:

Calendarix Advanced version 1.5

Description:

The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `catview` parameter to API endpoints such as "/cal week.php", "/cal cat.php", or "/cal day.php", or the `id` parameter to "/cal pophols.php".

Recommendations:

For Calendarix Advanced version 1.5, consider restricting access to the `catview` parameter in the affected API endpoints and the `id` parameter in "/cal pophols.php" until a patch is available. As a temporary workaround, avoid using these parameters in the specified endpoints to minimize the risk of exploitation.