PT-2025-37171 · Unknown · Online Fire Reporting System

Rafael Pedrero · Published 2025-09-11 · Updated 2025-09-16 · CVE-2025-40689

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2
Description: The Online Fire Reporting System is susceptible to SQL Injection attacks. An attacker can potentially retrieve, create, update, and delete database information through the remark, status, and requestid parameters in the /ofrs/admin/request-details.php API endpoint.
Recommendations: Apply input validation and sanitization to the remark, status, and requestid parameters in the /ofrs/admin/request-details.php endpoint. Consider using parameterized queries or prepared statements to prevent SQL Injection.
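
One way to apply the recommendation above, as an added example that is not the project's own code: the three parameters are validated and then bound through a PDO prepared statement. The table and column names (`tblrequests`, `id`, `remark`, `status`), the status allow-list, the length limit and the helper name `updateRequest` are assumptions, since the page does not show the application's schema or source.

```php
<?php
declare(strict_types=1);

// Assumed allow-list; use the status values the application really defines.
const ALLOWED_STATUSES = ['Assigned', 'In Progress', 'Completed'];

// Hypothetical helper: validates the three parameters, then updates one row.
function updateRequest(PDO $pdo, array $input): int
{
    $id = filter_var($input['requestid'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('requestid must be a positive integer');
    }
    $status = $input['status'] ?? '';
    if (!in_array($status, ALLOWED_STATUSES, true)) {
        throw new InvalidArgumentException('status is not an allowed value');
    }
    $remark = $input['remark'] ?? '';
    if (!is_string($remark) || strlen($remark) > 1000) {
        throw new InvalidArgumentException('remark must be text of at most 1000 bytes');
    }
    // Placeholders keep the values out of the SQL text entirely.
    // With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false.
    $stmt = $pdo->prepare(
        'UPDATE tblrequests SET remark = :remark, status = :status WHERE id = :id'
    );
    $stmt->bindValue(':remark', $remark, PDO::PARAM_STR);
    $stmt->bindValue(':status', $status, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo on an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblrequests (id INTEGER PRIMARY KEY, remark TEXT, status TEXT)');
$pdo->exec("INSERT INTO tblrequests (id, remark, status) VALUES (1, '', 'Assigned')");

// Constructed input: the quote in remark is stored as data, not parsed as SQL.
updateRequest($pdo, ['requestid' => '1', 'status' => 'Completed', 'remark' => "Crew's report filed"]);
echo $pdo->query('SELECT remark FROM tblrequests WHERE id = 1')->fetchColumn(), PHP_EOL;

try { // A non-integer requestid is rejected before any query is built.
    updateRequest($pdo, ['requestid' => 'not-a-number', 'status' => 'Completed', 'remark' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```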

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-40689

Affected Products: Online Fire Reporting System