SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the (1) eid or (2) cid parameters.