Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.
https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html
https://seclists.org/fulldisclosure/2020/Dec/4
http://seclists.org/fulldisclosure/2020/Dec/4
http://packetstormsecurity.com/files/160397/Online-Bus-Booking-System-Project-Using-PHP-MySQL-1.0-SQL-Injection.html
Source: Mitre, NVD
Published: 2020-12-08
Updated: 2026-06-17
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS: 0.0138