Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
SourceCodester Employee Task Management System allows SQL injection via date parameter
CVE-2026-3751
Summary
A security flaw in the SourceCodester Employee Task Management System could allow an attacker to access unauthorized data. This is a serious issue that could compromise sensitive employee information. If you use this system, update it to the latest version as soon as possible to prevent potential security breaches.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| oretnom23 | employee_task_management_system | 1.0 | – |
Original title
A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. ...
Original description
A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
nvd CVSS2.0
5.8
nvd CVSS3.1
4.7
nvd CVSS4.0
5.1
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026