Description
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Apply Patch
AI Analysis

Impact

SourceCodester Online Employees Work From Home Attendance System version 1.0 contains an SQL injection flaw in the file /wfh_attendance/admin/view_att.php. The flaw allows unsanitized user input to be incorporated into database queries, which is consistent with CWE‑89. While the description does not state the exact outcome, it is reasonable to infer that an attacker could execute arbitrary SQL statements against the database, potentially leading to unauthorized data disclosure. No specific exploitation details such as privilege escalation or remote code execution are mentioned, so the impact is limited to data‑related attacks.

Affected Systems

The vulnerability is present in SourceCodester Online Employees Work From Home Attendance System version 1.0. The vendor and patch information are not provided. The affected component is the admin view_att.php script used to view attendance records.

Risk and Exploitability

The CVSS score of 2.7 indicates a low severity vulnerability. The EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited or no observed exploitation. Based on the description, the likely attack vector is remote access to the admin interface that exposes the view_att.php script, through which an attacker could supply malicious input. There is no evidence in the data of existing exploit code or widespread exploitation.

Generated by OpenCVE AI on April 14, 2026 at 18:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor patch or upgrade to a newer version if one is released
  • If no patch is available, modify view_att.php to use prepared statements and perform input validation
  • Restrict access to the admin interface with network controls such as firewalls or VPNs, and require MFA for admin logins
  • Monitor application logs for anomalous database queries


Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title SQL Injection in SourceCodester Online Employees Work From Home Attendance System

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in SourceCodester Online Employees Work From Home Attendance System

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester online Employees Work From Home Attendance System
Vendors & Products Sourcecodester
Sourcecodester online Employees Work From Home Attendance System

Tue, 14 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:29:02.156Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37593

Vulnrichment

Updated: 2026-04-14T15:28:14.541Z

NVD

Status: Deferred

Published: 2026-04-14T15:16:33.153

Modified: 2026-06-17T10:41:36.463

Link: CVE-2026-37593

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')