CVE-2026-1482

Name of the Vulnerable Software and Affected Versions Performance Evaluation (EDD) application versions (affected versions not specified)

Description An out-of-band SQL injection flaw exists in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. Successful exploitation of this issue allows an attacker to extract sensitive information from the database through external channels. The vulnerability is located in the Id evaluacion parameter of the ''/evaluacion objetivos evalua definido.aspx'' API endpoint. This technique, known as out-of-band SQL injection (OOB SQLi), allows data exfiltration without the application directly returning the information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.