SQL Injection in opportunities module in salesagility/suitecrm
Oct 3rd 2023
During the save of an opportunity, the duplicate_parent_id value is not properly validated and cleaned, which allows SQL injection.
Proof of Concept
Add a SQL injection statement to the opportunity's duplicate_parent_id on the save request.
With SQL injection a user can read and manipulate data.
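The class of fix this report calls for, as an added example that is not taken from the advisory or from SuiteCRM's code: a request value used as a record id is checked against the expected id format and then bound as a query parameter instead of being concatenated into the SQL text. The table, column and function names are hypothetical, the 36-character GUID format is an assumption, and the data is constructed and held in an in-memory SQLite database.

```php
<?php
declare(strict_types=1);

// Added example. Table, columns and function names are hypothetical; this is not SuiteCRM code.
// Assumption: record ids are 36-character GUIDs.

function isRecordId(string $value): bool
{
    return preg_match('/\A[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\z/i', $value) === 1;
}

// Vulnerable pattern: the request value becomes part of the SQL text.
function findParentUnsafe(PDO $db, string $id): array
{
    $sql = "SELECT id, name FROM opportunities WHERE id = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: reject anything that is not an id, then bind it as a parameter.
function findParentSafe(PDO $db, string $id): array
{
    if (!isRecordId($id)) {
        throw new InvalidArgumentException('duplicate_parent_id is not a valid record id');
    }
    $stmt = $db->prepare('SELECT id, name FROM opportunities WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE opportunities (id TEXT PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO opportunities VALUES
    ('11111111-2222-3333-4444-555555555555', 'Deal A'),
    ('66666666-7777-8888-9999-000000000000', 'Deal B')");

$valid   = '11111111-2222-3333-4444-555555555555';
$tainted = $valid . "' OR '1'='1";   // constructed request value

printf("unsafe, valid id:   %d row(s)\n", count(findParentUnsafe($db, $valid)));
printf("unsafe, tainted id: %d row(s)\n", count(findParentUnsafe($db, $tainted)));
printf("safe, valid id:     %d row(s)\n", count(findParentSafe($db, $valid)));
try {
    findParentSafe($db, $tainted);
} catch (InvalidArgumentException $e) {
    printf("safe, tainted id:   rejected (%s)\n", $e->getMessage());
}
```

Parameter binding on its own already keeps the value out of the SQL text; the format check adds an early rejection that can be logged and alerted on.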