Primary

Context

Quatuor Performance Evaluation Out-of-Band SQL Injection Vulnerability

Vulnerability

A critical out-of-band SQL injection vulnerability has been identified in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. This vulnerability allows attackers to exploit the 'Id_usuario' and 'Id_evaluacion' parameters in '/evaluacion_hca_evalua.aspx' to extract sensitive database information through external channels, bypassing direct application response and compromising data confidentiality.

Impact

Exploitation of this vulnerability could lead to unauthorized access and extraction of sensitive information from the database, through external channels, without the application directly returning the data.

Remediation

The vulnerability has been addressed in the latest version of the application, released on November 12, 2025.

Added: Jan 27, 2026, 5:26 PM

Updated: Jan 27, 2026, 5:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Quatuor Performance Evaluation Out-of-Band SQL Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating