Online Employees Attendance System SQL Injection in admin view

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

2.7

Online Employees Attendance System SQL Injection in admin view

CVE-2026-37594

Summary

The Online Employees Work From Home Attendance System version 1.0 contains a vulnerability that allows an attacker to manipulate database queries, potentially exposing sensitive employee data or disrupting the system. This affects the admin view feature, which allows unauthorized access to sensitive information. Update the system to a fixed version or patch the vulnerable file to prevent exploitation.

Original title

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php.

Original description

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php.

Vulnerability type

CWE-89 SQL Injection

https://github.com/shininadd/cve_report/blob/main/sourcecodester/online-employee...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026