PHPGurukul Online Fire Reporting System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in PHPGurukul Online Fire Reporting System.
By the Year
In 2026 there have been 0 vulnerabilities in PHPGurukul Online Fire Reporting System. Last year, in 2025 Online Fire Reporting System had 28 security vulnerabilities published. Right now, Online Fire Reporting System is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 28 | 9.17 |
| 2024 | 1 | 0.00 |
| 2023 | 3 | 5.67 |
It may take a day or so for new Online Fire Reporting System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent PHPGurukul Online Fire Reporting System Security Vulnerabilities
Stored XSS in Online Fire Reporting System v1.2 via /ofrs/reporting.php
CVE-2025-40696
- September 11, 2025
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'fullname', 'location' and 'message' parameters via POST at the endpoint '/ofrs/reporting.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details.
XSS
Online Fire Reporting System v1.2 – Stored Auth XSS (remark/status/takeaction)
CVE-2025-40695
- September 11, 2025
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '/ofrs/admin/request-details.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details.
XSS
Stored XSS in Online Fire Reporting System v1.2 via Unvalidated POST dates
CVE-2025-40694
- September 11, 2025
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'fromdate' and 'todate' parameters via POST at the endpoint '/ofrs/admin/bwdates-report-result.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details.
XSS
Online Fire Reporting System v1.2 XSS via edit-team.php
CVE-2025-40693
- September 11, 2025
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of propper validation of user inputs 'tname' parameter via GET and, 'teamleadname', 'teammember' and 'teamname' parameters via POST at the endpoint '/ofrs/admin/edit-team.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details.
XSS
SQLi in Online Fire Reporting System v1.2 via requestid param
CVE-2025-40692
- September 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'requestid' parameter in the endpoint '/ofrs/details.php'.
SQL Injection
SQL Injection in OFRS 1.2 via 'todate' in bwdates-report-result.php
CVE-2025-40691
- September 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'todate' parameter in the endpoint '/ofrs/admin/bwdates-report-result.php'.
SQL Injection
SQLi in Online Fire Reporting System v1.2 via teamid param
CVE-2025-40690
- September 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter in the endpoint '/ofrs/admin/edit-team.php'.
SQL Injection
SQLi: OFRS v1.2 (PHPGurukul) Admin request-details.php
CVE-2025-40689
- September 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'.
SQL Injection
SQL Injection in OFRS v1.2 (PHPGurukul) via add-team.php
CVE-2025-40687
- September 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'.
SQL Injection
PHPGurukul ORFS 1.2 SQLi via /admin/all-requests.php teamid
CVE-2025-7583
8.8 - High
- July 14, 2025
A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /admin/all-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul OFRS 1.2 SQLi via webtitle in admin/manage-site.php
CVE-2025-7585
8.8 - High
- July 14, 2025
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /admin/manage-site.php. The manipulation of the argument webtitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul Fire Report Sys <=1.2 SQLi via add-team.php (CVE-2025-7584)
CVE-2025-7584
8.8 - High
- July 14, 2025
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /admin/add-team.php. The manipulation of the argument teammember leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul Fire Reporting Sys 1.2. SQLi via /admin/assigned-requests.php
CVE-2025-7582
8.8 - High
- July 14, 2025
A vulnerability, which was classified as critical, was found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/assigned-requests.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul OFRS 1.2 SQLi via /admin/completed-requests.php (teamid)
CVE-2025-7563
8.8 - High
- July 14, 2025
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/completed-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi via teamid in admin/new-requests.php (PHPGurukul OFRS 1.2)
CVE-2025-7562
8.8 - High
- July 14, 2025
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /admin/new-requests.php. The manipulation of the argument teamid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul ORS 1.2 SQLi via teamid in team-ontheway-requests.php
CVE-2025-7561
8.8 - High
- July 14, 2025
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. This issue affects some unknown processing of the file /admin/team-ontheway-requests.php. The manipulation of the argument teamid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul Online Fire Reporting System 1.2 SQLi via admin/workin-progress-requests.php
CVE-2025-7560
8.8 - High
- July 14, 2025
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. This vulnerability affects unknown code of the file /admin/workin-progress-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Critical SQLi in PHPGurukul OSRS 1.2 /admin/bwdates-report-result.php
CVE-2025-7559
8.8 - High
- July 14, 2025
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi via mobilenumber in PHPGurukul OFRS 1.2 /admin/profile.php
CVE-2025-5616
8.8 - High
- June 04, 2025
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
PHPGurukul Online Fire Reporting System 1.2 SQLi in /admin/manage-teams.php
CVE-2025-5617
9.8 - Critical
- June 04, 2025
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi in PHPGurukul Online Fire Reporting System 1.2 /admin/edit-team.php (teamid)
CVE-2025-5618
9.8 - Critical
- June 04, 2025
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
CRITICAL SQLi in PHPGurukul OSRS 1.2 via /search-report-result.php
CVE-2025-5614
8.8 - High
- June 04, 2025
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul OS FRS 1.2: SQLi via requestid in /details.php
CVE-2025-5615
8.8 - High
- June 04, 2025
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul ORFS 1.2: SQLi via /rq-details.php requestid (CRITICAL)
CVE-2025-5613
9.8 - Critical
- June 04, 2025
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul Online Fire Reporting System 1.2 SQLi via fullname input
CVE-2025-5612
9.8 - Critical
- June 04, 2025
A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
SQLi via editid in PHPGurukul Fire Report Sys 1.2
CVE-2025-3239
9.8 - Critical
- April 04, 2025
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi via /admin/search.php (searchdata) in PHPGurukul IRS v1.2
CVE-2025-3240
9.8 - Critical
- April 04, 2025
A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi in PHPGurukul ORRS 1.2 via /search-request.php
CVE-2025-3238
9.8 - Critical
- April 04, 2025
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQL Injection in PHPGurukul OFRS 1.2 admin/index.php
CVE-2024-34987
- June 03, 2024
A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process.
XSS CVE-2023-36942 in PHPGurukul Online Fire Reporting System 1.2
CVE-2023-36942
6.1 - Medium
- July 27, 2023
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field.
XSS
CVE-2023-36941: XSS in PHPGurukul Fire Reporting 1.2 via inputs
CVE-2023-36941
6.1 - Medium
- July 27, 2023
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields.
XSS
PHPGurukul Online Fire Reporting System 1.2 - XSS in search field
CVE-2023-36940
4.8 - Medium
- July 10, 2023
Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for PHPGurukul Online Fire Reporting System or by PHPGurukul? Click the Watch button to subscribe.
