Online Fire Reporting System is an online fire reporting system from Carlo Monteroβs personal developer. version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, which originates from /ofrs/admin/?page=reports& date=Lack of validation of external input SQL statements, an attacker can use the vulnerability to execute illegal SQL commands to steal sensitive data from the database.