CVE-2025-40687CRITICAL 9.8EPSS p22.4%

CVE-2025-40687CVE-2025-40687

Description

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via  'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.31% probability of exploitation · percentile 22.4% · 2026-06-18T12:00:27Z
Published2025-09-11
Last modified2025-09-12

Underlying weaknesses· 1

CWE-89

References

  1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpgurukuls-online-fire-reporting-system

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')cwe-890%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-40690
CVE
CVE-2025-40689
CVE
CVE-2025-40692
CVE
CVE-2025-40691
CVE
CVE-2025-5616
CVE
CVE-2025-7584
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.