Primary

Context

Quatuor Performance Evaluation Out-of-Band SQL Injection Vulnerability

Vulnerability

A critical out-of-band SQL injection vulnerability has been identified in the Quatuor Performance Evaluation application, specifically in the 'Id_usuario' and 'Id_evaluacion' parameters of the '/evaluacion_competencias_evalua_old.aspx' page. This vulnerability allows attackers to extract sensitive database information through external channels, bypassing direct application responses and compromising data confidentiality.

Impact

Exploitation of this vulnerability could lead to unauthorized data extraction from the application's database, allowing attackers to access sensitive information without detection.

Remediation

The vulnerability has been addressed in the latest version of the application, released on November 12, 2025. Users are advised to update to this version.

Added: Jan 27, 2026, 5:26 PM

Updated: Jan 27, 2026, 5:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Quatuor Performance Evaluation Out-of-Band SQL Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating