The calendar module in phpWebSite 0.9.x and previous versions allows remote malicious users to cause a denial of service (crash) via a long year parameter.
phpwebsite phpwebsite