Description
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Data Compromise
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a classic SQL injection in the admin view-employee page, /wfh_attendance/admin/view_employee.php. It allows an attacker to inject arbitrary SQL statements through the request parameters handled by that page.

Affected Systems

The flaw exists solely in SourceCodester Online Employees Work From Home Attendance System version 1.0. No additional vendor or version details are available from the CVE entry.

Risk and Exploitability

The CVSS score of 2.7 marks this as a low‑severity issue. The EPSS score is unavailable, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack path requires access to the /wfh_attendance/admin/view_employee.php endpoint, which suggests that either administrative credentials or unauthenticated access to the admin area would be a prerequisite for exploitation. No public exploit code has been reported at this time, but the potential for unauthorized data manipulation warrants remediation.

Generated by OpenCVE AI on April 14, 2026 at 18:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied patch or updated version that fixes the SQL injection flaw.
  • If an official fix is unavailable, restrict access to the /wfh_attendance/admin/view_employee.php page with strong authentication and authorize only trusted administrators.
  • Modify the application code to use parameterized queries or an ORM so that user input is safely handled.
  • Deploy web application firewall rules that block suspicious SQL patterns until a permanent solution is applied.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title SQL Injection in Admin View Employee Page of SourceCodester Online Employees Work From Home Attendance System v1.0

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Admin View Employee Page of SourceCodester Online Employees Work From Home Attendance System v1.0

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester online Employees Work From Home Attendance System
Vendors & Products Sourcecodester
Sourcecodester online Employees Work From Home Attendance System

Tue, 14 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:28:50.725Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37594

Vulnrichment

Updated: 2026-04-14T15:28:15.678Z

NVD

Status: Deferred

Published: 2026-04-14T15:16:33.273

Modified: 2026-06-17T10:41:36.607

Link: CVE-2026-37594

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')