CVE-2022-31977

Name of the Vulnerable Software and Affected Versions Online Fire Reporting System version 1.0

Description The issue allows for SQL Injection via the /ofrs/classes/Master.php?f=delete team API endpoint, specifically through the f parameter. This could potentially lead to unauthorized data access or modification.

Recommendations For Online Fire Reporting System version 1.0, consider restricting access to the /ofrs/classes/Master.php API endpoint, specifically the delete team function, until a patch is available. As a temporary workaround, avoid using the f parameter in the affected API endpoint to minimize the risk of exploitation.