CVE-2017-17645
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
Date published : 2017-12-18
https://www.exploit-db.com/exploits/43336/
https://packetstormsecurity.com/files/145445/Bus-Booking-Script-1.0-SQL-Injection.html