SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.