CVE-2025-40691

CWE-89SQL Injection3 documents3 sources
Severity
9.3CRITICAL
EPSS
0.0%
top 87.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Online Fire Reporting System
Timeline
PublishedSep 11

Description

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'todate' parameter in the endpoint '/ofrs/admin/bwdates-report-result.php'.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SQL injection in PHPGurukul Online Fire Reporting System2025-09-11
GHSA
GHSA-52m5-qhx2-x9w6: SQL Injection in Online Fire Reporting System v12025-09-11
CVE-2025-40691 (CRITICAL CVSS 9.3) | SQL Injection in Online Fire Report | cvebase.io