CVE-2022-31976
published 2022-06-02

CVE-2022-31976: Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.

Priority: P356, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.16% (93.5th percentile)

Affected

1 range

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| online_fire_reporting_system_project | online_fire_reporting_system | | |

Detection & IOCs

url: /ofrs/classes/Master.php?f=delete_request
url: /classes/Master.php?f=delete_request
command: id='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN
  • Time-based blind SQL injection: detect POST requests to /classes/Master.php?f=delete_request where the `id` parameter contains SQL sleep payloads; a response duration >= 6 seconds with HTTP 200 and body containing 'status":"success"}' indicates successful exploitation.
  • Match response body for the string 'status":"success"}' combined with Content-Type text/html and HTTP 200 to confirm vulnerable endpoint response.
  • The vulnerable endpoint accepts POST requests with Content-Type application/x-www-form-urlencoded; monitor for anomalous `id` parameter values containing SQL keywords (SELECT, SLEEP, AND) on this path.
  • The Nuclei template uses a SLEEP(6) threshold (@timeout: 10s) for time-based detection; network latency may cause false positives or false negatives, so tune the duration threshold to match the target environment.
  • The vulnerable path prefix in the NVD description includes /ofrs/ (i.e. /ofrs/classes/Master.php), while the Nuclei PoC omits it (POST /classes/Master.php). Detections should account for both path variants depending on deployment configuration.
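
The detection notes above, combined into one triage function. This is an added example, not code from the page or its sources; the event schema (method, url, body, status, duration_s, resp_body) is an assumed proxy/WAF log format and the sample events are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Both deployments named on this page: with and without the /ofrs/ prefix.
PATHS = {"/ofrs/classes/Master.php", "/classes/Master.php"}
SQL_TOKENS = re.compile(r"\b(?:select|sleep|and)\b", re.I)
SLEEP_ARG = re.compile(r"sleep\s*\(\s*(\d+)", re.I)
SUCCESS_MARKER = 'status":"success"}'

def classify(ev, default_delay=6.0):
    """Return 'none', 'attempt' or 'likely-success' for one logged request.

    ev is a dict in an assumed proxy/WAF schema (not defined by the page):
    method, url, body, status, duration_s, resp_body.
    """
    url = urlsplit(ev["url"])
    if ev["method"] != "POST" or url.path not in PATHS:
        return "none"
    if parse_qs(url.query).get("f") != ["delete_request"]:
        return "none"
    # parse_qs splits each pair on the first '=' and decodes '+' and %XX.
    ids = parse_qs(ev["body"], keep_blank_values=True).get("id", [])
    hits = [v for v in ids if SQL_TOKENS.search(v)]
    if not hits:
        return "none"
    # Use the delay requested in the payload if present, else the default.
    m = SLEEP_ARG.search(hits[0])
    delay = float(m.group(1)) if m else default_delay
    slow = ev["duration_s"] >= delay
    ok = ev["status"] == 200 and SUCCESS_MARKER in ev["resp_body"]
    return "likely-success" if slow and ok else "attempt"

def scan(events):
    return [classify(ev) for ev in events]

# Constructed sample events; the injected body is the payload quoted above.
PAYLOAD = "id='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
OK = '{"status":"success"}'
SAMPLE_EVENTS = [
    {"method": "POST", "url": "/ofrs/classes/Master.php?f=delete_request",
     "body": PAYLOAD, "status": 200, "duration_s": 6.3, "resp_body": OK},
    {"method": "POST", "url": "/classes/Master.php?f=delete_request",
     "body": PAYLOAD, "status": 200, "duration_s": 0.2, "resp_body": OK},
    {"method": "POST", "url": "/ofrs/classes/Master.php?f=delete_request",
     "body": "id=12", "status": 200, "duration_s": 7.1, "resp_body": OK},
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

The third event shows why duration alone is not a signal: a slow but benign delete with a numeric `id` is not flagged, while an injected `id` that returns quickly is still reported as an attempt.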

CVSS provenance

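| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |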