Online Fire Reporting System is an online fire reporting system from Carlo Monteroβs personal developer. version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, which stems from a GET parameter in /report/list.php that lacks validation for external The vulnerability is caused by the lack of validation of external SQL statements in the GET parameter of /report/list.php, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data.