CVE-2024-34987

CRITICAL

PHPGurukul Online Fire Reporting System 1.2 - SQL Injection via Username Input Field

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-34987. PoCs published by Diyar Saadi.

AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in the Online Fire Reporting System's admin login page, allowing authentication bypass via a crafted payload. It includes both manual steps and a Python script using requests and Selenium for automated exploitation.

Description

A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process.

Exploits (1)

exploitdb WORKING POC
by Diyar Saadi · text · webapps · php
https://www.exploit-db.com/exploits/51989

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Online Fire Reporting System V 1.2
No auth needed
Prerequisites: Access to the admin login page · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.1
EPSS: 0.0003
EPSS Percentile: 10.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-89
Status: published
Products (1): phpgurukul/online_fire_reporting_system 1.2
Published: Jun 03, 2024
Tracked Since: Feb 18, 2026