CVE-2012-1495
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
Date published : 2020-01-27
http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/
https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html