exploitDog

CVE-2025-40691

Опубликовано: 11 сент. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via

'todate' parameter in the endpoint '/ofrs/admin/bwdates-report-result.php'.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpgurukuls-online-fire-reporting-system
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:online_fire_reporting_system:1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00059

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-52m5-qhx2-x9w6

CVSS3: 9.8

github

5 месяцев назад

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'todate' parameter in the endpoint '/ofrs/admin/bwdates-report-result.php'.

EPSS

Процентиль: 19%

0.00059

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89