CVE-2017-17829

Name of the Vulnerable Software and Affected Versions Bus Booking Script (affected versions not specified)

Description The issue concerns SQL Injection, which can be exploited via specific parameters in certain PHP files. The vulnerable parameters are sp id in the "admin/view seatseller.php" endpoint and memid in the "admin/view member.php" endpoint.

Recommendations For the Bus Booking Script, consider restricting access to the sp id parameter in the "admin/view seatseller.php" endpoint and the memid parameter in the "admin/view member.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.