Description
A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
Published: 2026-03-08
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an unsanitized GET parameter, Date, in the daily-attendance-report.php script, which allows an attacker to inject arbitrary SQL statements. The flaw is remotely exploitable because the request need only be sent to the public URL. An attacker could read, modify, or delete data in the underlying database, leading to loss of confidentiality, integrity, or availability of business information. The weakness is a classic SQL injection (CWE-89), which falls under the broader injection class CWE-74.

Affected Systems

SourceCodester Employee Task Management System version 1.0 is affected. The vulnerable component resides in the daily-attendance-report.php page, which is accessible through the web interface of the system. No other versions are listed as impacted in the available data.

Risk and Exploitability

The CVSS base score is 5.1, indicating a moderate risk. The EPSS score is below 1%, suggesting low exploitation likelihood currently, and the issue is not yet listed in the CISA KEV catalog. However, the flaw can be exploited remotely with a crafted HTTP GET request that sets the Date parameter. The CVSS vectors recorded in the history below rate the privileges required as high (PR:H), so the scoring assumes the request comes from an authenticated, privileged account. Such an attacker can insert SQL payloads through the web interface, which may expose sensitive data or corrupt the database. The absence of an official patch means organizations must mitigate the risk proactively.

Generated by OpenCVE AI on April 16, 2026 at 04:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SourceCodester Employee Task Management System to a version that includes the fix for the SQL injection in daily-attendance-report.php, if available from the vendor.
  • Restrict access to the daily-attendance-report.php endpoint by enforcing authentication or by limiting it to known IP ranges, so only authorized users can trigger the script.
  • Deploy a Web Application Firewall or use input-validation rules to block suspicious SQL payloads targeting the Date parameter in incoming GET requests.
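
The input-validation side of these actions, paired with a parameterized query, as an added example (not code from the application or from OpenCVE). It assumes the Date parameter is meant to carry a YYYY-MM-DD calendar date; the attendance table, its columns and the in-memory SQLite database are hypothetical stand-ins for the application's real schema.

```php
<?php
// Added example; table and column names are hypothetical, sample rows are constructed.
declare(strict_types=1);

/** Return the value as a canonical Y-m-d string, or null if it is not a real calendar date. */
function parse_report_date(mixed $raw): ?string
{
    // Reject non-strings (e.g. ?Date[]=x) and anything that is not exactly NNNN-NN-NN.
    if (!is_string($raw) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    $dt = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // createFromFormat rolls 2026-02-30 over into March; the round-trip rejects it.
    return ($dt !== false && $dt->format('Y-m-d') === $raw) ? $raw : null;
}

/** Fetch the report rows with the date bound as a parameter, never concatenated. */
function attendance_for(PDO $db, string $date): array
{
    $stmt = $db->prepare(
        'SELECT employee, status FROM attendance WHERE work_date = :d ORDER BY employee'
    );
    $stmt->execute([':d' => $date]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE attendance (employee TEXT, work_date TEXT, status TEXT)');
$db->exec("INSERT INTO attendance VALUES
    ('alice', '2026-03-08', 'present'), ('bob', '2026-03-09', 'absent')");

// In the real script the value would come from $_GET['Date'] ?? null.
$samples = ['2026-03-08', '2026-02-30', "2026-03-08' OR '1'='1", ['2026-03-08']];
foreach ($samples as $raw) {
    $date = parse_report_date($raw);
    if ($date === null) {
        echo json_encode($raw), " -> rejected (respond with HTTP 400)\n";
        continue;
    }
    echo json_encode($raw), ' -> ', count(attendance_for($db, $date)), " row(s)\n";
}
```

Validation narrows what reaches the query, and the bound parameter is what removes the injection point, so the two are used together rather than as alternatives.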


Advisories

No advisories yet.

History

Wed, 11 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 09 Mar 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Oretnom23; Oretnom23 employee Task Management System |
| CPEs | | cpe:2.3:a:oretnom23:employee_task_management_system:1.0:*:*:*:*:*:*:* |
| Vendors & Products | | Oretnom23; Oretnom23 employee Task Management System |

Mon, 09 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Sourcecodester; Sourcecodester employee Task Management System |
| Vendors & Products | | Sourcecodester; Sourcecodester employee Task Management System |

Sun, 08 Mar 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. |
| Title | | SourceCodester Employee Task Management System GET Parameter daily-attendance-report.php sql injection |
| Weaknesses | | CWE-74; CWE-89 |
| References | | |
| Metrics | | cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-11T19:35:35.927Z

Reserved: 2026-03-07T20:27:28.396Z

Link: CVE-2026-3751

Vulnrichment

Updated: 2026-03-11T19:35:32.944Z

NVD

Status: Analyzed

Published: 2026-03-08T17:16:08.727

Modified: 2026-03-09T16:32:50.460

Link: CVE-2026-3751

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T04:15:24Z

Weaknesses