Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) e