CVE-2017-17645
CRITICALBus Booking Script 1.0 - SQL Injection via txtname Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-17645. PoCs published by Ihsan Sencan.
AI-analyzed exploit summary This HTML form demonstrates a SQL injection vulnerability in Bus Booking Script 1.0 by injecting a UNION-based payload into the 'txtname' parameter. The payload attempts to extract arbitrary data by manipulating the SQL query structure.
Description
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ihsan Sencan · htmlwebappsphp
https://www.exploit-db.com/exploits/43336
This HTML form demonstrates a SQL injection vulnerability in Bus Booking Script 1.0 by injecting a UNION-based payload into the 'txtname' parameter. The payload attempts to extract arbitrary data by manipulating the SQL query structure.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Bus Booking Script 1.0
No auth needed
Prerequisites:
Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/145445/Bus-Booking-Script-1.0-SQL-Injection.html
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/43336/
Scores
CVSS v3
9.8
EPSS
0.0251
EPSS Percentile
85.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
phpautoclassifiedscript/bus_booking_script
1.0
Published
Dec 18, 2017
Tracked Since
Feb 18, 2026