CVE-2025-40690

Critical CVSS: 9.3

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter in the endpoint '/ofrs/admin/edit-team.php'.

Vendor

Phpgurukul

Product

Online Fire Reporting System

CWE

CWE-89

Yayın Tarihi

2025-09-11 12:15:35

Güncelleme

2025-09-12 15:32:04

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-89 Online Fire Reporting System CRITICAL Phpgurukul 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpgurukuls-online-fire-reporting-system

Benzer Kayıtlar

Medium

CVE-2024-51226

A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Recor…

Medium

CVE-2024-51225

A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Man…

Medium

CVE-2024-51224

Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Recor…

Medium

CVE-2024-51223

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Manag…

Medium

CVE-2024-51222

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Manag…

Medium

CVE-2026-3403

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown process…