CVE-2017-17604

CRITICAL

Entrepreneur Bus Booking Script 3.0.4 - SQL Injection via Booker Details Sourcebus Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-17604. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Entrepreneur Bus Booking Script 3.0.4 via the 'sourcebus' parameter in 'booker_details.php'. The PoC includes payloads to extract table names, column names, and credentials from the 'adminlogin' table.

Description

Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/43305

This exploit demonstrates a SQL injection vulnerability in Entrepreneur Bus Booking Script 3.0.4 via the 'sourcebus' parameter in 'booker_details.php'. The PoC includes payloads to extract table names, column names, and credentials from the 'adminlogin' table.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Entrepreneur Bus Booking Script 3.0.4
No auth needed
Prerequisites: Access to the vulnerable endpoint · SQL injection payloads
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43305/

Scores

CVSS v3 9.8
EPSS 0.0305
EPSS Percentile 85.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
entrepreneur_bus_booking_script_project/entrepreneur_bus_booking_script 3.0.4
Published Dec 13, 2017
Tracked Since Feb 18, 2026