CVE-2025-40692 CRITICAL

CVE-2025-40692: SQL injection in PHPGurukul Online Fire Reporting System

Vendor Phpgurukul
Product Online Fire Reporting System
Weakness CWE-89 · SQLi
Published September 11, 2025
Last update September 11, 2025
View on NVD All CVEs

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via  'requestid' parameter in the endpoint '/ofrs/details.php'.

Key dates

02Disclosure timeline

September 11, 2025 CVE published
September 11, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-10841 romadebrian WEB-Sekolah Mail Proses_Kirim.php sql injection CVE-2025-11314 Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findSingConfigPage.do findRolePage sql injection CVE-2025-10563 Campcodes Grocery Sales and Inventory System ajax.php sql injection CVE-2024-13084 PHPGurukul Land Record System search-property.php sql injection CVE-2024-49588 Multiple authenticated SQL injections in oracle-sidecar