CVE-2022-31983

Name of the Vulnerable Software and Affected Versions Online Fire Reporting System version 1.0

Description The issue is related to a lack of protection against SQL query structure exploitation. An attacker can execute arbitrary SQL queries via the "/ofrs/admin/?page=requests/manage request&id=" API endpoint. This allows a remote attacker to potentially exploit the system.

Recommendations For Online Fire Reporting System version 1.0, as a temporary workaround, consider restricting access to the "/ofrs/admin/?page=requests/manage request&id=" API endpoint until a patch is available. Avoid using the id variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.