CVE-2026-1480

Name of the Vulnerable Software and Affected Versions Performance Evaluation (EDD) application (affected versions not specified)

Description An out-of-band SQL injection (OOB SQLi) exists in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this issue in the Id usuario parameter within the '/evaluacion objetivos anyo sig evalua.aspx' API endpoint could allow an attacker to extract sensitive information from the database through external channels, without the application directly returning the data. This compromises the confidentiality of the stored information. An out-of-band SQL injection occurs when the application sends data to an external server, allowing an attacker to retrieve information from the database through that channel.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.