A vulnerability has been found in Nur-Alam39 bus-ticket and classified as critical . This affects the function mysqli_query of the file bus_info.php . Performing a manipulation of the argument busid results in sql injection. This vulnerability is known as CVE-2026-55740 . Remote exploitation of the attack is possible. No exploit is available. Applying a patch is the recommended action to fix this issue.