CVE-2022-31984 Scanner

The Online Fire Reporting System version 1.0 is a comprehensive web application designed for fire departments to manage and report fire incidents efficiently. This platform facilitates the submission of fire reports, tracking of incident statuses, and coordination between emergency responders. It is intended to enhance the operational efficiency of fire departments, improve response times, and contribute to public safety. The software provides a centralized system for managing fire incident data, making it easier for departments to analyze trends, allocate resources effectively, and communicate with other emergency services.

CVE-2022-31984 highlights a high-severity SQL Injection vulnerability within the Online Fire Reporting System version 1.0, specifically found in the /ofrs/admin/requests/take_action.php?id= endpoint. This vulnerability arises from the application's failure to properly sanitize user-supplied inputs, allowing attackers to execute arbitrary SQL commands. Such a security flaw can lead to unauthorized database access, data leakage, and potential manipulation of stored data, posing significant risks to the integrity and confidentiality of the system's information.

The vulnerability is exploited through the id parameter in the URL path /admin/requests/take_action.php?id=. By manipulating this parameter with SQL injection techniques, an attacker can inject and execute malicious SQL queries against the database. This can result in unauthorized access to sensitive information, including personal data of individuals reported in fire incidents and internal operational details. The exploitation of this vulnerability could allow attackers to modify or delete crucial data, disrupt system functionality, and potentially gain administrative privileges within the application.

The exploitation of this SQL Injection vulnerability could have severe consequences, including unauthorized access to and disclosure of sensitive data, alteration or deletion of critical information, and disruption of the system's normal operations. Such incidents could undermine the effectiveness of emergency response efforts, compromise the privacy and security of individuals' data, and damage the trust and reliability of the fire reporting system.

By joining the Security for Everyone platform, users can leverage advanced security scanning tools to identify and address vulnerabilities like SQL Injection in their digital infrastructure. Our platform offers a comprehensive Cyber Threat Exposure Management service, utilizing both open-source and proprietary technologies to scan and secure online assets. Members benefit from detailed vulnerability reports, expert support, and actionable insights to enhance their cybersecurity posture. Protect your digital assets and maintain the security of sensitive information with the proactive and expert-backed solutions provided by Security for Everyone.

References

• https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-10.md
• https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
• https://nvd.nist.gov/vuln/detail/CVE-2022-31984