CVE-2026-1478

Name of the Vulnerable Software and Affected Versions Performance Evaluation (EDD) application (affected versions not specified)

Description An out-of-band SQL injection flaw exists in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. Successful exploitation allows an attacker to extract sensitive information from the database through external channels. The vulnerability is present in the Id usuario and Id evaluacion parameters of the /evaluacion hca evalua.aspx API endpoint. An out-of-band SQL injection (OOB SQLi) is a technique where an attacker can extract data from a database by forcing the database server to send the data to an attacker-controlled server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.