PEAK XOOPS - Some vulnerablities has been found in piCal 0.60beta03.

A XOOPS site in brasil has been posted illegal events from some cracker as a guest yesterday.
The cracker introduce him/herself as LEONE_PARK.

Although I don't see how to post the events, I've found some vulnerablities -SQL Injection & CSRF- from piCal 0.60beta03 at least.

Thus, I've just released fixed version of piCal named 0.60beta04.

I don't think this vulnerablity is so serious or emergency, you'd better update piCal to 0.60beta04.

This vulnerablities might exist in all versions of piCal but >= 0.60beta04.