CVE-2025-40693

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of propper validation of user inputs 'tname' parameter via GET and, 'teamleadname', 'teammember' and 'teamname' parameters via POST at the...

CVE-2025-40687 SQL injection in PHPGurukul Online Fire Reporting System

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'...

CVE-2025-40687

CVE-2025-40687 affects Online Fire Reporting System v1.2 (PHPGurukul). The root cause is an SQL injection flaw in the /ofrs/admin/add-team.php endpoint, exploitable via the mobilenumber, teamleadname, and teammember parameters. This can allow an attacker to retrieve, create, update, and delete da...

PT-2025-37170

Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2 Description: The Online Fire Reporting System contains a SQL injection flaw. This flaw allows an attacker to retrieve, create, update, and delete database information via the mobilenumber, teamleadname...