Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/01/27 4:32 p.m.4 views

CVE-2026-1482 Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idevaluacion' in '/evaluacionobjetivosevaluadefinido.aspx', could allow an attacker to...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References1
CVE
CVE
added 2026/01/27 4:31 p.m.12 views

CVE-2026-1480

The CVE-2026-1480 entry documents an out-of-band SQL injection in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The vulnerability affects the Id_usuario parameter in the /evaluacion_objetivos_anyo_sig_evalua.aspx endpoint, enabling an attacker to exfiltrate sen...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/27 4:30 p.m.16 views

CVE-2026-1478

The CVE-2026-1478 issue concerns the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. It describes an out-of-band SQL injection (OOB SQLi) in the API endpoints, specifically in the parameters Id_usuario and Id_evaluacion of /evaluacion_hca_evalua.aspx. The vulnerabi...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/27 4:30 p.m.15 views

CVE-2026-1477

CVE-2026-1477 affects the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. Affected component: API endpoints handling the parameters in the old evaluation page (/evaluacion_competencias_evalua_old.aspx), specifically Id_usuario and Id_evaluacion. Root cause: out-of-ba...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/27 4:28 p.m.23 views

CVE-2026-1475 Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter ‘Idusuario' in ‘/evaluacionaccionesevalua.aspx’, could allow an attacker to extract...

9.3CVSS0.00327EPSS
Exploits0References1
CVE
CVE
added 2026/01/27 4:27 p.m.24 views

CVE-2026-1474

CVE-2026-1474 describes an out-of-band SQL injection in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The vulnerability affects the /evaluacion_inicio.aspx endpoint, where the parameters Id_usuario and Id_evaluacion can be exploited to extract data from the dat...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder