CVE-2026-1476

Name of the Vulnerable Software and Affected Versions Performance Evaluation (EDD) application versions (affected versions not specified)

Description An out-of-band SQL injection vulnerability (OOB SQLi) exists in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this issue could allow an attacker to extract sensitive information from the database through external channels. The vulnerability is located in the Id usuario parameter of the /evaluacion acciones ver auto.aspx API endpoint. The application does not directly return the extracted data, compromising the confidentiality of the stored information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.