Quatuor Performance Evaluation Out-of-Band SQL Injection Vulnerability

Vulnerability

A critical out-of-band SQL injection vulnerability has been identified in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The issue arises in the 'Id_evaluacion' parameter on the '/evaluacion_objetivos_evalua_definido.aspx' page. This vulnerability allows attackers to extract sensitive database information through external channels rather than through the application's direct response, compromising data confidentiality.

Impact

Exploitation of this vulnerability could lead to unauthorized data extraction from the application's database, allowing sensitive information to be accessed through external channels without the application's knowledge.

Remediation

The vulnerability has been addressed in the latest version of the application, released on November 12, 2025. Users are advised to update to this version.
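
Because the extraction described above does not appear in the application's own responses, request logs are the place to look for probing of this parameter. The following is an added example, not part of the original advisory or the vendor's code: it scans IIS W3C logs for requests to the affected page whose 'Id_evaluacion' value is not a plain integer. It assumes legitimate values are numeric IDs and that the log records cs-uri-stem and cs-uri-query; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl

TARGET_PATH = "/evaluacion_objetivos_evalua_definido.aspx"  # page named in the advisory
TARGET_PARAM = "id_evaluacion"                              # parameter named in the advisory
NUMERIC_ID = re.compile(r"\d{1,18}")  # assumption: legitimate values are plain integer IDs


def suspicious_requests(log_lines):
    """Return (date, time, client_ip, decoded_value) for non-numeric Id_evaluacion values."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # endswith: the application may be deployed under a virtual directory
        if not row.get("cs-uri-stem", "").lower().endswith(TARGET_PATH):
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue
        # IIS paths and ASP.NET query-string keys are case-insensitive
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() == TARGET_PARAM and not NUMERIC_ID.fullmatch(value):
                hits.append((row.get("date"), row.get("time"), row.get("c-ip"), value))
    return hits


# Constructed sample log (documentation IP ranges, made-up timestamps)
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2025-11-01 09:14:02 192.0.2.10 GET /evaluacion_objetivos_evalua_definido.aspx Id_evaluacion=42 200
2025-11-01 09:14:07 198.51.100.7 GET /Evaluacion_Objetivos_Evalua_Definido.aspx id_evaluacion=42%27+constructed-non-numeric 200
2025-11-01 09:15:30 192.0.2.10 GET /default.aspx - 200
""".splitlines()

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit means the parameter received input the application should never have been sent; it does not by itself show that data was extracted.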

Added: Jan 27, 2026, 5:24 PM
Updated: Jan 27, 2026, 5:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.