Skip to main content

Evaluacion De Desempeno CVE-2026-1472

HIGH
SQL Injection (CWE-89)
2026-01-27 cve-coordination@incibe.es
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Jan 27, 2026 - 17:16 nvd
HIGH 7.5

DescriptionCVE.org

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacion_competencias_autoeval_list.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information.

AnalysisAI

Out-of-band SQL injection in the Evaluacion De Desempeno application allows unauthenticated remote attackers to extract sensitive database information through the 'txAny' parameter in '/evaluacion_competencias_autoeval_list.aspx' without direct output reflection. By leveraging external data channels, an attacker can bypass normal application responses to exfiltrate confidential data and compromise database confidentiality. No patch is currently available for this vulnerability.

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects the the component of Evaluacion De Desempeno. An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacion_competencias_autoeval_list.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2026-1483 HIGH
7.5 Jan 27

Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated rem

CVE-2026-1482 HIGH
7.5 Jan 27

Unauthenticated attackers can exploit an out-of-band SQL injection flaw in the Evaluacion De Desempeno application's 'Id

CVE-2026-1481 HIGH
7.5 Jan 27

Out-of-band SQL injection in the Performance Evaluation (Evaluacion De Desempeno) application allows unauthenticated rem

CVE-2026-1480 HIGH
7.5 Jan 27

Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated rem

CVE-2026-1479 HIGH
7.5 Jan 27

Out-of-band SQL injection in Evaluacion De Desempeno's '/evaluacion_hca_ver_auto.asp' endpoint allows unauthenticated re

CVE-2026-1478 HIGH
7.5 Jan 27

Unauthenticated attackers can exploit an out-of-band SQL injection flaw in the Performance Evaluation (EDD) application

CVE-2026-1477 HIGH
7.5 Jan 27

Out-of-band SQL injection in the Evaluacion De Desempeno application allows unauthenticated remote attackers to extract

CVE-2026-1476 HIGH
7.5 Jan 27

Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated rem

CVE-2026-1475 HIGH
7.5 Jan 27

Unauthenticated attackers can extract sensitive database information from the Evaluacion De Desempeno application throug

CVE-2026-1474 HIGH
7.5 Jan 27

Out-of-band SQL injection in the Performance Evaluation (EDD) application allows unauthenticated remote attackers to ext

CVE-2026-1473 HIGH
7.5 Jan 27

Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated rem

Share

CVE-2026-1472 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy