CVE-2025-40689 · CRITICAL 9.8 · EPSS p22.4%

Description

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete the database via the 'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.31% probability of exploitation · percentile 22.4% · 2026-06-19T12:03:05Z
Published: 2025-09-11
Last modified: 2025-09-12

Underlying weaknesses · 1

CWE-89

References

  1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpgurukuls-online-fire-reporting-system

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-40692
CVE: CVE-2025-40690
CVE: CVE-2025-40691
CVE: CVE-2025-40687
CVE: CVE-2025-5613
CVE: CVE-2025-5615

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.