Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login.
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html