A SQL injection vulnerability was discovered in Issue Trak versions <= 7.0, and is possibly applicable up to version 9.7. The vulnerable endpoint is www.example.com/IssueTrak/IssueSearch_Process.asp, and the vulnerable parameters are Status, Priority, inp_IssueType, SubmittedBy, EnteredBy, AssignedTo, AssignedBy, NextActionBy, ClosedBy, ProjectManager, and inp_OrgID. An attacker can exploit this vulnerability by sending a malicious HTTP request containing a SQL injection payload. The SQLMap and NoSQLMap commands can be used to exploit this vulnerability.