CRITICAL
Nur-Alam39
CVE published 2026-06-18
CVE-2026-55740
CVE-2026-55740 is a critical SQL injection vulnerability in the Nur-Alam39 bus ticket system. The vulnerability allows an unauthenticated attacker to inject arbitrary SQL, potentially leading to data breaches and system compromise. The vulnerability exists in the bus_info.php file, where user input is directly concatenated into a MySQL query without proper sanitization. The database connection uses the My [truncated]