PT-2026-4971 · Gabinete Técnico De Programación · Performance Evaluation

Published 2026-01-27 · Updated 2026-01-27 · CVE-2026-1474

CVSS v4.0: 9.3 Critical

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Performance Evaluation (EDD) application versions (affected versions not specified)

Description

An out-of-band SQL injection flaw exists in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploitation of this flaw through the Id usuario and Id evaluacion parameters in the "/evaluacion inicio.aspx" endpoint could allow an attacker to extract sensitive information from the database via external channels, potentially compromising data confidentiality. An out-of-band SQL injection (OOB SQLi) is a technique where an attacker leverages the database server's ability to make network requests to an attacker-controlled server, allowing data exfiltration without direct interaction with the web application.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
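
Since no fixed version is listed, one interim check is to review web server logs for requests to the affected endpoint whose two id parameters are not plain integers. The script below is an added example, not code from the vendor or from this advisory; it assumes that legitimate ids are integers, that the parameter and page names may use a space or an underscore as separator, and it runs on a constructed, simplified W3C-style log.

```python
import re
from urllib.parse import parse_qsl, unquote

# Endpoint and parameter names from the advisory, compared with spaces and
# underscores removed (assumption: the separator may differ in real requests).
ENDPOINT = "evaluacioninicio.aspx"
ID_PARAMS = {"idusuario", "idevaluacion"}
NUMERIC = re.compile(r"\d{1,18}")  # assumption: legitimate ids are plain integers


def _norm(text):
    """Percent-decode, drop spaces/underscores, lower-case."""
    return re.sub(r"[\s_]+", "", unquote(text)).lower()


def suspicious_params(uri_stem, uri_query):
    """Return (name, decoded value) for id parameters that are not integers."""
    if _norm(uri_stem.rsplit("/", 1)[-1]) != ENDPOINT:
        return []
    pairs = parse_qsl(uri_query, keep_blank_values=True)
    return [(n, v) for n, v in pairs
            if _norm(n) in ID_PARAMS and not NUMERIC.fullmatch(v)]


def scan(lines):
    """Return a list of (timestamp, client, parameter, value) findings."""
    findings = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue  # header or malformed line
        date, time, client, _method, stem, query = fields[:6]
        query = "" if query == "-" else query  # "-" marks an empty field
        for name, value in suspicious_params(stem, query):
            findings.append((f"{date} {time}", client, name, value))
    return findings


# Constructed sample log (simplified W3C-style fields, documentation IP ranges).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2026-01-27 09:14:02 198.51.100.7 GET /evaluacion_inicio.aspx Id_usuario=12&Id_evaluacion=7 200",
    "2026-01-27 09:14:09 198.51.100.7 GET /evaluacion_inicio.aspx Id_usuario=12%27&Id_evaluacion=7 500",
    "2026-01-27 09:15:30 203.0.113.20 GET /evaluacion%20inicio.aspx Id%20usuario=3&Id%20evaluacion=NOT-A-NUMBER 200",
    "2026-01-27 09:16:00 203.0.113.20 GET /login.aspx Id_usuario=x 200",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only query-string parameters appear in such logs; values sent in a POST body need request-body logging or a filtering proxy to be checked the same way.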

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2026-1474

Affected Products

Performance Evaluation