Simple Bus Ticket Booking System, a bus ticket booking system, is vulnerable to a SQL injection vulnerability in version 1.0 of Simple Bus Ticket Booking System, which originates in the username and password parameters in /assets/partials/_handleLogin.php. and password parameters in /assets/partials/_handleLogin.php lack validation for external input SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.