A vulnerability identified as critical has been detected in SourceCodester Online Employees Work from Home Attendance System 1.0 . This issue affects some unknown processing of the file /wfh_attendance/admin/manage_employee.php . The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2026-37595 . The attack is possible to be carried out remotely. No exploit exists.