CVE-2026-1483

Name of the Vulnerable Software and Affected Versions Performance Evaluation (EDD) application versions (affected versions not specified)

Description An out-of-band SQL injection (OOB SQLi) issue exists in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploitation of this issue involves the Id usuario parameter within the ''/evaluacion objetivos ver auto.aspx'' endpoint, potentially allowing an attacker to extract sensitive information from the database via external channels. The application does not directly return the extracted data, compromising the confidentiality of stored information. An out-of-band SQL injection occurs when a database server is tricked into sending data to an attacker-controlled server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.