PHP Attendance System Allows Malicious Database Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

2.7

PHP Attendance System Allows Malicious Database Access

CVE-2026-37595

Summary

The SourceCodester Online Employees Work From Home Attendance System version 1.0 has a security weakness that allows hackers to access sensitive data in the database. This is a serious issue because it could lead to unauthorized changes to employee information and attendance records. To fix this, update the system to the latest version or seek assistance from a developer to patch the vulnerable code.

Original title

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php.

Original description

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php.

Vulnerability type

CWE-89 SQL Injection

https://github.com/shininadd/cve_report/blob/main/sourcecodester/online-employee...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026