CVE-2026-1477

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' and 'Idevaluacion’ in ‘/evaluacioncompetenciasevaluaold.aspx’, could allow ...

CVE-2026-1482 Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idevaluacion' in '/evaluacionobjetivosevaluadefinido.aspx', could allow an attacker to...

EUVD-2026-4777

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion’ in ‘/evaluacionhcaverauto.asp', could allow an attacker...

CVE-2026-1479

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion’ in ‘/evaluacionhcaverauto.asp', could allow an attacker...

CVE-2026-1477

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' and 'Idevaluacion’ in ‘/evaluacioncompetenciasevaluaold.aspx’, could allow ...

EUVD-2026-4749

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' and 'Idevaluacion’ in ‘/evaluacioncompetenciasevaluaold.aspx’, could allow ...

EUVD-2025-117008

Malicious code in varying-harlequin-pig npm...

EUVD-2024-17465

Malicious code in bioql PyPI...

The vulnerability of the delete.php script (located at general/hr/manage/staff_title_evaluation/delete.php) within the Tongda OA automation tool for business processes, which allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the delete.php script located at general/hr/manage/stafftitleevaluation/delete.php within the Tongda OA automation tool relates to the failure to protect the SQL query structure during the processing of the EVALUATIONID parameter. Exploiting this vulnerability allows an...

CVE-2023-5261

A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/stafftitleevaluation/delete.php. The manipulation of the argument EVALUATIONID leads to sql injection. The exploit has been disclosed to the public and may...

PT-2023-5589 · Tongda · Tongda Oa 2017

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions prior to 11.10 Description: A critical issue was found in Tongda OA 2017, affecting an unknown function of the file general/hr/manage/staff title evaluation/delete.php. The manipulation of the EVALUATION ID argument...