CVE-2026-1479

Name of the Vulnerable Software and Affected Versions Performance Evaluation (EDD) application versions (affected versions not specified)

Description An out-of-band SQL injection flaw exists in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploitation of this flaw through the Id usuario and Id evaluacion parameters in the ''/evaluacion hca ver auto.asp'' API endpoint could allow an attacker to extract sensitive information from the database via external channels, without the application directly returning the data. This compromises the confidentiality of stored information. An out-of-band SQL injection (OOB SQLi) attack involves an attacker using a secondary channel to retrieve the results of a SQL query.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.