Description
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: SQL injection can enable unauthorized database access or modification
Action: Apply Patch
AI Analysis

Impact

A vulnerable SQL statement in the admin view page allows malicious input to be injected into database queries. If exploited, an attacker can read sensitive records, alter or delete data, and potentially gain further access to the application. This flaw represents a classic database injection weakness that compromises confidentiality and integrity of the employee attendance data.

Affected Systems

The affected product is SourceCodester Online Employees Work From Home Attendance System, version 1.0. No other affected versions are listed.

Risk and Exploitability

Specific CVSS, EPSS, or KEV metrics are not provided in the source material. Because SQL injection is a well‑known attack vector that can be performed by inserting special input via the web interface, the risk can be considered moderate to high if the admin interface is reachable. The lack of an official patch or mitigation guidance suggests that immediate action is required to prevent potential exploitation.

Generated by OpenCVE AI on April 14, 2026 at 15:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest certified version of SourceCodester Online Employees Work From Home Attendance System if available
  • If an upgrade is not immediately possible, implement input validation and parameterized queries in the /wfh_attendance/admin/view_att.php file
  • Restrict access to the admin area through network segmentation or strong authentication controls
  • Monitor logs for suspicious query patterns and blocked access attempts



Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection in SourceCodester Online Employees Work From Home Attendance System

Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester online Employees Work From Home Attendance System
Vendors & Products | | Sourcecodester; Sourcecodester online Employees Work From Home Attendance System

Tue, 14 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-89
Metrics | | cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:29:02.156Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37593

Vulnrichment

Updated: 2026-04-14T15:28:14.541Z

NVD

Status: Received

Published: 2026-04-14T15:16:33.153

Modified: 2026-04-14T16:16:41.333

Link: CVE-2026-37593

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:53Z

Weaknesses