CVE-2016-10754

CVE-2016-10754

modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.