6 matches found
CVE-2026-1482 Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idevaluacion' in '/evaluacionobjetivosevaluadefinido.aspx', could allow an attacker to...
CVE-2026-1480
The CVE-2026-1480 entry documents an out-of-band SQL injection in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The vulnerability affects the Id_usuario parameter in the /evaluacion_objetivos_anyo_sig_evalua.aspx endpoint, enabling an attacker to exfiltrate sen...
CVE-2026-1478
The CVE-2026-1478 issue concerns the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. It describes an out-of-band SQL injection (OOB SQLi) in the API endpoints, specifically in the parameters Id_usuario and Id_evaluacion of /evaluacion_hca_evalua.aspx. The vulnerabi...
CVE-2026-1477
CVE-2026-1477 affects the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. Affected component: API endpoints handling the parameters in the old evaluation page (/evaluacion_competencias_evalua_old.aspx), specifically Id_usuario and Id_evaluacion. Root cause: out-of-ba...
CVE-2026-1475 Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter ‘Idusuario' in ‘/evaluacionaccionesevalua.aspx’, could allow an attacker to extract...
CVE-2026-1474
CVE-2026-1474 describes an out-of-band SQL injection in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The vulnerability affects the /evaluacion_inicio.aspx endpoint, where the parameters Id_usuario and Id_evaluacion can be exploited to extract data from the dat...