What did you do to cause this? I fiddled a bit with URL in my installation and stumbled upon an SQL injection situation. It has been made even easier by showing me the actual query.
What page were you on? .../tickets?status=open&type=1%29;SQL_INJECTION%28
Describe the defect: It shows me the query, and allows me to put anything into it. Any skilled hacker would abuse this with great pleasure.