Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.