A vulnerability has been found in SourceCodester Online Employees Work from Home Attendance System 1.0 and classified as critical . Affected by this issue is some unknown functionality of the file /wfh_attendance/admin/attendance_list.php . This manipulation causes sql injection. This vulnerability is registered as CVE-2026-37597 . Remote exploitation of the attack is possible. No exploit is available.