PT-2025-37176 · Unknown · Online Fire Reporting System
Rafael Pedrero
·
Published
2025-09-09
·
Updated
2025-09-16
·
CVE-2025-40692
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
Online Fire Reporting System version 1.2
Description:
The Online Fire Reporting System contains a SQL injection flaw. This flaw allows an attacker to retrieve, create, update, and delete database information via the
requestid parameter in the /ofrs/details.php API endpoint.Recommendations:
Apply any available updates or patches to address the SQL injection flaw in the
requestid parameter of the /ofrs/details.php endpoint.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Online Fire Reporting System