SuiteCRM, a customer relationship management (CRM) application, is an attractive first choice on cost grounds because it is free and open source. However, this web application can act as an entry point for an adversary because of critical vulnerabilities, including a SQL injection that can be exploited without valid login credentials or direct access to the internal network. An attacker can exploit the vulnerability by using a spear-phishing attack to lure an employee into visiting a malicious website, which then issues an HTTP request to the SuiteCRM web application that executes a SQL query on the underlying database. This allows an attacker to inject malicious entries into the database, for example creating a secondary administrator account, and to remove arbitrary information. By chaining it with further exploits, the issue can be escalated to remote code execution, allowing an attacker to run code on the server inside the internal network. Isolating a vulnerable web application in the internal network therefore does not guarantee its security, and updating to the latest release of SuiteCRM as soon as possible is recommended.