10 matches found
CVE-2025-40687
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'...
CVE-2025-40693
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of propper validation of user inputs 'tname' parameter via GET and, 'teamleadname', 'teammember' and 'teamname' parameters via POST at the...
CVE-2025-40687 SQL injection in PHPGurukul Online Fire Reporting System
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'...
CVE-2025-40687 SQL injection in PHPGurukul Online Fire Reporting System
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'...
CVE-2025-40687
CVE-2025-40687 affects Online Fire Reporting System v1.2 (PHPGurukul). The root cause is an SQL injection flaw in the /ofrs/admin/add-team.php endpoint, exploitable via the mobilenumber, teamleadname, and teammember parameters. This can allow an attacker to retrieve, create, update, and delete da...
PT-2025-37170
Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2 Description: The Online Fire Reporting System contains a SQL injection flaw. This flaw allows an attacker to retrieve, create, update, and delete database information via the mobilenumber, teamleadname...
PT-2025-37177
Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2 Description: The application suffers from a stored cross-site scripting issue due to insufficient validation of user-supplied data. Specifically, the tname parameter via GET, and the teamleadname,...
Online Fire Reporting System add-team.php File SQL Injection Vulnerability
Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from an SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter teammember in file /admin/add-team.php. An attacker can...
PHPGurukul Online Fire Reporting System 注入漏洞
Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from an SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter teammember in file /admin/add-team.php. An attacker can...
Cross-site Request Forgery (CSRF)
showdoc/showdoc is vulnerable to cross-site request forgery CSRF attacks. The vulnerability exists in /api/teamMember/save where it is possible to add members to a team through CSRF attacks...