Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.