Loading
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.
Use CWE-89, Vtiger vendor hub and Vtiger Crm product page to widen CVE-2016-10754 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2024-44779, CVE-2024-44778 and CVE-2024-44777 for nearby disclosures in the same product family.