{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-55740/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-18T05:48:27.016Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-55740","@id":"https://www.cve.org/CVERecord?id=CVE-2026-55740","description":"Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad) contains an unauthenticated SQL injection vulnerability in bus_info.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query (select * from bus_info where id=$busid) without sanitization, escaping, or parameterization, and in a numeric (unquoted) context. A remote, unauthenticated attacker can inject arbitrary SQL — for example a UNION-based payload such as busi"},"products":[{"@id":"cpe:2.3:a:nur-alam39:bus-ticket:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:nur-alam39:bus-ticket:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-18T05:48:27.016Z"}]}