Description
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: Data Compromise
Action: Patch Now
AI Analysis

Impact

The vulnerability is a classic SQL injection flaw located in the /wfh_attendance/admin/manage_department.php page of the SourceCodester Online Employees Work From Home Attendance System v1.0. An attacker capable of inserting malicious SQL statements can read, modify, or delete database records, potentially exposing sensitive employee information or disrupting the attendance tracking process. The weakness is a failure to properly escape or parameterize user input, allowing unauthorized manipulation of data.

Affected Systems

SourceCodester Online Employees Work From Home Attendance System version 1.0. The vulnerability resides in the /wfh_attendance/admin/manage_department.php file. No other affected versions or vendors are documented.

Risk and Exploitability

The flaw is exploitable via the web interface and does not require any special privileges beyond accessing the manage department page. Because the page likely handles administrative input, an unauthenticated or low-privilege attacker could inject SQL commands. The lack of a CVSS score or EPSS value means the severity is unknown, but given the potential for data theft and integrity compromise, the risk should be considered high. Since the vulnerability is not listed in the KEV catalog, no known exploits have been reported yet, but the attack vector and impact suggest that an exploit could be developed quickly.

Generated by OpenCVE AI on April 14, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor patch or update the application to a fixed version.
  • Sanitize and parameterize all user inputs in /wfh_attendance/admin/manage_department.php.
  • Restrict access to the vulnerable page to authorized administrative users.
  • Conduct a penetration test or vulnerability scan to confirm remediation.
  • Monitor logs for suspicious SQL activity.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

  • Title (value added): SQL Injection in SourceCodester Online Employees Work From Home Attendance System 1.0

Tue, 14 Apr 2026 16:30:00 +0000

  • First Time appeared (values added): Sourcecodester; Sourcecodester online Employees Work From Home Attendance System
  • Vendors & Products (values added): Sourcecodester; Sourcecodester online Employees Work From Home Attendance System

Tue, 14 Apr 2026 16:15:00 +0000

  • Weaknesses (value added): CWE-89
  • Metrics (values added):
    cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 14:30:00 +0000

  • Description (value added): SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:28:25.909Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37596

Vulnrichment

Updated: 2026-04-14T15:28:18.445Z

NVD

Status: Received

Published: 2026-04-14T15:16:33.513

Modified: 2026-04-14T16:16:41.900

Link: CVE-2026-37596

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:50Z

Weaknesses