SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24120
http://www.vupen.com/english/advisories/2006/0190
http://www.securityfocus.com/bid/16242
http://www.securityfocus.com/archive/1/422052/100/0/threaded