Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user.
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html