{"id":75955,"date":"2025-09-17T17:43:51","date_gmt":"2025-09-17T17:43:51","guid":{"rendered":""},"modified":"2025-10-10T17:18:42","modified_gmt":"2025-10-10T23:18:42","slug":"cve-2025-40692-high-risk-sql-injection-vulnerability-in-online-fire-reporting-system-v1-2","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-40692-high-risk-sql-injection-vulnerability-in-online-fire-reporting-system-v1-2\/","title":{"rendered":"CVE-2025-40692: High-Risk SQL Injection Vulnerability in Online Fire Reporting System v1.2<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The cybersecurity world is facing another critical vulnerability, CVE-2025-40692, that poses a significant threat to the Online Fire Reporting System v1.2 by PHPGurukul. This system is widely used by various organizations to manage and report fire incidents. The vulnerability arises from an SQL Injection<\/a> flaw that allows an attacker to manipulate the ‘requestid’ parameter in the ‘\/ofrs\/details.php’ endpoint. This flaw can potentially compromise the entire system or lead<\/a> to severe data leakage, and thus it is crucial that users understand the seriousness of the issue and take immediate preventative measures.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-40692
\nSeverity: Critical (CVSS v3.1: 9.8)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: System compromise<\/a>, data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n