Unrated severityNVD Advisory· Published Sep 11, 2025· Updated Sep 11, 2025

SQL injection in PHPGurukul Online Fire Reporting System

CVE-2025-40687

Description

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via

'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'.

Affected products

Phpgurukul/Online Fire Reporting Systemllm-fuzzy
Range: =1.2
PHPGurukul/Online Fire Reporting Systemv5
Range: 1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpgurukuls-online-fire-reporting-systemmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000