SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18104
http://www.waraxe.us/index.php?modname=sa&id=38