SQL Injection vulnerability in Online Employees Work From Home Attendance System

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

2.7

SQL Injection vulnerability in Online Employees Work From Home Attendance System

CVE-2026-37597

Summary

A hacker can access sensitive data in the online attendance system by manipulating input fields. This could lead to the exposure of confidential information and unauthorized access to the system. To fix this, update to a secure version of the software or implement proper input validation and sanitization.

Original title

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php.

Original description

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php.

Vulnerability type

CWE-89 SQL Injection

https://github.com/shininadd/cve_report/blob/main/sourcecodester/online-employee...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026