Description
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: Unauthorized Data Access
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a classic SQL injection in the /wfh_attendance/admin/view_employee.php file of SourceCodester Online Employees Work From Home Attendance System v1.0, caused by user input that is not properly validated or sanitized. An attacker who can supply crafted input could cause the application to execute unintended SQL commands, potentially allowing unauthorized read, update, or delete operations on the employee attendance database. That would expose sensitive personnel data and disrupt data integrity.

Affected Systems

The affected product is SourceCodester Online Employees Work From Home Attendance System version 1.0, a web‑based attendance tracking solution.

Risk and Exploitability

The CVSS score is not available, the EPSS score is not provided, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is inferred to be the public web interface of the admin page, meaning an attacker could exploit the flaw without needing prior authentication if the admin section is risk of exploitation is therefore high for installations that do not restrict or secure the admin path, potentially leading to unauthorized data disclosure or modification.

Generated by OpenCVE AI on April 14, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor-published patch for SourceCodester Online Employees Work From Home Attendance System v1.0; if no patch exists, upgrade to the latest stable release.
  • Modify /wfh_attendance/admin/view_employee.php to use parameterized SQL queries or an ORM that escapes user input to prevent injection attacks.
  • Restrict access to the admin interface by enforcing authentication, using IP whitelisting, and enabling multi‑factor authentication wherever possible.
  • Enable detailed SQL query logging and monitor logs for suspicious activity that could indicate injection attempts.



Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection in Admin View Employee Page of SourceCodester Online Employees Work From Home Attendance System v1.0

Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester online Employees Work From Home Attendance System
Vendors & Products | | Sourcecodester; Sourcecodester online Employees Work From Home Attendance System

Tue, 14 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-89
Metrics | | cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:28:50.725Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37594

Vulnrichment

Updated: 2026-04-14T15:28:15.678Z

NVD

Status: Received

Published: 2026-04-14T15:16:33.273

Modified: 2026-04-14T16:16:41.550

Link: CVE-2026-37594

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:52Z
