CVE-2025-40689

🗓️ 11 Sep 2025 11:21:04Reported by INCIBEType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 12 Views🌐 WEB

SQL injection in PHPGurukul Online Fire Reporting System enables DB access via remark, status, and requestid.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-40689	11 Sep 202512:36	–	circl
CNNVD	Online Fire Reporting System SQL注入漏洞	11 Sep 202500:00	–	cnnvd
Cvelist	CVE-2025-40689 SQL injection in PHPGurukul Online Fire Reporting System	11 Sep 202511:21	–	cvelist
EUVD	EUVD-2025-28904	3 Oct 202520:07	–	euvd
NVD	CVE-2025-40689	11 Sep 202512:15	–	nvd
OSV	CVE-2025-40689	11 Sep 202512:15	–	osv
Positive Technologies	PT-2025-37171	11 Sep 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-40689	13 Sep 202512:23	–	redhatcve
Vulnrichment	CVE-2025-40689 SQL injection in PHPGurukul Online Fire Reporting System	11 Sep 202511:21	–	vulnrichment

NVD

Vulners

Node

phpgurukul online_fire_reporting_systemMatch1.2

[
  {
    "defaultStatus": "unaffected",
    "product": "Online Fire Reporting System",
    "vendor": "PHPGurukul",
    "versions": [
      {
        "status": "affected",
        "version": "1.2"
      }
    ]
  }
]

Source	Link
incibe	www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpgurukuls-online-fire-reporting-system

Parameter	Position	Path	Description	CWE
remark	query param	/ofrs/admin/request-details.php	SQL Injection in /ofrs/admin/request-details.php via remark, status and requestid parameters	CWE-89
status	query param	/ofrs/admin/request-details.php	SQL Injection in /ofrs/admin/request-details.php via remark, status and requestid parameters	CWE-89
requestid	query param	/ofrs/admin/request-details.php	SQL Injection in /ofrs/admin/request-details.php via remark, status and requestid parameters	CWE-89

12 Sep 2025 15:32Current

7.5High risk

Vulners AI Score7.5

CVSS 3.19.8

CVSS 49.3

EPSS0.00055

SSVC

CWE-89