Phpgurukul

Online Fire Reporting System

32 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-40696

  • EPSS 0.03%
  • Veröffentlicht 11.09.2025 11:49:52
  • Zuletzt bearbeitet 12.09.2025 15:30:57

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'fullname', 'location' and 'message' parameters via POST at the endpoint ...

5.4

CVE-2025-40695

  • EPSS 0.03%
  • Veröffentlicht 11.09.2025 11:46:39
  • Zuletzt bearbeitet 12.09.2025 15:31:11

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '...

5.4

CVE-2025-40694

  • EPSS 0.03%
  • Veröffentlicht 11.09.2025 11:40:56
  • Zuletzt bearbeitet 12.09.2025 15:31:24

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'fromdate' and 'todate' parameters via POST at the endpoint '/ofrs/admin/...

5.4

CVE-2025-40693

  • EPSS 0.03%
  • Veröffentlicht 11.09.2025 11:36:38
  • Zuletzt bearbeitet 12.09.2025 15:31:37

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of propper validation of user inputs 'tname' parameter via GET and, 'teamleadname', 'teammember'...

9.8

CVE-2025-40692

  • EPSS 0.04%
  • Veröffentlicht 11.09.2025 11:27:28
  • Zuletzt bearbeitet 12.09.2025 15:31:47

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via  'requestid' parameter in the endpoint '/ofrs/details.php'.

9.8

CVE-2025-40691

  • EPSS 0.04%
  • Veröffentlicht 11.09.2025 11:25:36
  • Zuletzt bearbeitet 12.09.2025 15:31:54

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via  'todate' parameter in the endpoint '/ofrs/admin/bwdates-report-result.php'.

9.8

CVE-2025-40690

  • EPSS 0.04%
  • Veröffentlicht 11.09.2025 11:23:32
  • Zuletzt bearbeitet 12.09.2025 15:32:04

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter in the endpoint '/ofrs/admin/edit-team.php'.

9.8

CVE-2025-40689

  • EPSS 0.04%
  • Veröffentlicht 11.09.2025 11:21:04
  • Zuletzt bearbeitet 12.09.2025 15:32:20

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via  'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.p...

9.8

CVE-2025-40687

  • EPSS 0.04%
  • Veröffentlicht 11.09.2025 11:15:30
  • Zuletzt bearbeitet 12.09.2025 15:32:29

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via  'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-...

8.8

CVE-2025-7585

Exploit
  • EPSS 0.04%
  • Veröffentlicht 14.07.2025 07:44:06
  • Zuletzt bearbeitet 15.07.2025 18:30:04

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /admin/manage-site.php. The manipulation of the argument webtitle leads to sql injection. It is ...