Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php.
6.5CVSS
6.6AI Score
0.001EPSS
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.
8.8CVSS
9AI Score
0.001EPSS
Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php.
4.8CVSS
4.8AI Score
0.001EPSS
Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img.
6.5CVSS
6.4AI Score
0.001EPSS
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.
7.2CVSS
7.3AI Score
0.011EPSS
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.
7.2CVSS
7.3AI Score
0.011EPSS
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.
9.8CVSS
9.8AI Score
0.016EPSS
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.
9.8CVSS
9.8AI Score
0.016EPSS
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.
9.8CVSS
9.8AI Score
0.016EPSS
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.
7.2CVSS
7.3AI Score
0.001EPSS
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.
7.2CVSS
7.3AI Score
0.001EPSS
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.
7.2CVSS
7.3AI Score
0.001EPSS
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.
7.2CVSS
7.3AI Score
0.001EPSS
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.
7.2CVSS
7.3AI Score
0.011EPSS
A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field.
5.4CVSS
5.3AI Score
0.001EPSS