Paul writes:
National Express are one of the biggest public transport companies in the UK with a huge fleet of coaches and trains.
This vulnerability discloses customers' information to a potential attacker, such as the passengers' names, destination, last 4 digits of the card, price the customer paid for the tickets and of course the ticket itself.
An attacker could potentially disrupt customers' journeys by amending or even cancelling bookings using the online Manage Booking service, which is accessed by entering a ticket number and the last 4 digits of the card. If one was to be malicious, you would write a program that constantly checks for new tickets and then automatically changes the destination, for example.
Read more on ifc0nfig.
h/t, James Ball