Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
event calendar category script project event calendar category script 1.0