Primary

Context

Quatuor Performance Evaluation Out-of-Band SQL Injection Vulnerability

Vulnerability

A critical out-of-band SQL injection vulnerability has been identified in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The vulnerability exists in the 'Id_usuario' parameter of '/evaluacion_acciones_ver_auto.aspx'. Exploiting this flaw could enable an attacker to extract sensitive database information through external channels, bypassing direct application response and compromising data confidentiality.

Impact

Exploitation allows for unauthorized data extraction from the database, undermining the confidentiality of the information stored.

Remediation

The vulnerability has been addressed in the latest version of the application, released on November 12, 2025.

Added: Jan 27, 2026, 5:27 PM

Updated: Jan 27, 2026, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Quatuor Performance Evaluation Out-of-Band SQL Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating