SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote malicious users to execute arbitrary SQL commands via the calid parameter.
cfmsource cf calendar -