The remote web server contains a script that is vulnerable to a SQL injection attack.
The remote host is running PHP-Calendar, a web-based calendar application written in PHP. This version of PHP-Calendar is vulnerable to a remote SQL injection attack. Specifically, the search.php script fails to parse out SQL-reserved characters and would allow a remote attacker to read or write data as well as potentially execute arbitrary code on the remote database.
Upgrade to version 0.10.3 or higher.