Evaluacion De Desempeno
Monthly
Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to extract sensitive database information through covert channels, bypassing normal application output mechanisms. This vulnerability affects the '/evaluacion_objetivos_ver_auto.aspx' endpoint and compromises data confidentiality with no patch currently available.
Unauthenticated attackers can exploit an out-of-band SQL injection flaw in the Evaluacion De Desempeno application's 'Id_evaluacion' parameter to extract sensitive database information through indirect data exfiltration channels. This network-accessible vulnerability requires no user interaction and affects all instances without authentication controls, potentially exposing confidential evaluation records. No patch is currently available.
Out-of-band SQL injection in the Performance Evaluation (Evaluacion De Desempeno) application allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' parameter in '/evaluacion_objetivos_anyo_sig_ver_auto.aspx' by exfiltrating data via external channels. The vulnerability compromises data confidentiality without requiring user interaction, affecting all deployments of the affected application. No patch is currently available.
Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to extract sensitive database information through external data exfiltration channels. This vulnerability affects the '/evaluacion_objetivos_anyo_sig_evalua.aspx' endpoint and compromises confidentiality without requiring user interaction. No patch is currently available.
Out-of-band SQL injection in Evaluacion De Desempeno's '/evaluacion_hca_ver_auto.asp' endpoint allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' and 'Id_evaluacion' parameters. The vulnerability compromises confidentiality by enabling data exfiltration via covert channels without requiring direct application responses. No patch is currently available for affected deployments.
Unauthenticated attackers can exploit an out-of-band SQL injection flaw in the Performance Evaluation (EDD) application via the 'Id_usuario' and 'Id_evaluacion' parameters to extract sensitive database information through external channels, compromising data confidentiality. The vulnerability requires no user interaction and is remotely exploitable from the network. No patch is currently available.
Out-of-band SQL injection in the Evaluacion De Desempeno application allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' and 'Id_evaluacion' parameters in the '/evaluacion_competencias_evalua_old.aspx' endpoint. An attacker can bypass normal application output channels to exfiltrate confidential data, compromising database confidentiality. No patch is currently available for this vulnerability.
Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to extract sensitive database information through indirect data exfiltration channels. This vulnerability in the '/evaluacion_acciones_ver_auto.aspx' endpoint compromises the confidentiality of stored data without requiring user interaction. No patch is currently available for this HIGH severity vulnerability.
Unauthenticated attackers can extract sensitive database information from the Evaluacion De Desempeno application through an out-of-band SQL injection vulnerability in the 'Id_usuario' parameter of '/evaluacion_acciones_evalua.aspx'. The vulnerability allows data exfiltration via external channels without direct application responses, compromising database confidentiality. No patch is currently available for this high-severity flaw.
Out-of-band SQL injection in the Performance Evaluation (EDD) application allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' and 'Id_evaluacion' parameters in '/evaluacion_inicio.aspx'. An attacker can exfiltrate confidential data via external channels without direct application feedback, compromising data confidentiality. No patch is currently available for this vulnerability.
Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to exfiltrate sensitive database information through covert channels. The vulnerability affects the '/evaluacion_competencias_evalua.aspx' endpoint and enables unauthorized access to confidential data despite the application not directly returning query results. No patch is currently available for this HIGH severity vulnerability.
Out-of-band SQL injection in the Evaluacion De Desempeno application allows unauthenticated remote attackers to extract sensitive database information through the 'txAny' parameter in '/evaluacion_competencias_autoeval_list.aspx' without direct output reflection. By leveraging external data channels, an attacker can bypass normal application responses to exfiltrate confidential data and compromise database confidentiality. No patch is currently available for this vulnerability.
Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to extract sensitive database information through covert channels, bypassing normal application output mechanisms. This vulnerability affects the '/evaluacion_objetivos_ver_auto.aspx' endpoint and compromises data confidentiality with no patch currently available.
Unauthenticated attackers can exploit an out-of-band SQL injection flaw in the Evaluacion De Desempeno application's 'Id_evaluacion' parameter to extract sensitive database information through indirect data exfiltration channels. This network-accessible vulnerability requires no user interaction and affects all instances without authentication controls, potentially exposing confidential evaluation records. No patch is currently available.
Out-of-band SQL injection in the Performance Evaluation (Evaluacion De Desempeno) application allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' parameter in '/evaluacion_objetivos_anyo_sig_ver_auto.aspx' by exfiltrating data via external channels. The vulnerability compromises data confidentiality without requiring user interaction, affecting all deployments of the affected application. No patch is currently available.
Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to extract sensitive database information through external data exfiltration channels. This vulnerability affects the '/evaluacion_objetivos_anyo_sig_evalua.aspx' endpoint and compromises confidentiality without requiring user interaction. No patch is currently available.
Out-of-band SQL injection in Evaluacion De Desempeno's '/evaluacion_hca_ver_auto.asp' endpoint allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' and 'Id_evaluacion' parameters. The vulnerability compromises confidentiality by enabling data exfiltration via covert channels without requiring direct application responses. No patch is currently available for affected deployments.
Unauthenticated attackers can exploit an out-of-band SQL injection flaw in the Performance Evaluation (EDD) application via the 'Id_usuario' and 'Id_evaluacion' parameters to extract sensitive database information through external channels, compromising data confidentiality. The vulnerability requires no user interaction and is remotely exploitable from the network. No patch is currently available.
Out-of-band SQL injection in the Evaluacion De Desempeno application allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' and 'Id_evaluacion' parameters in the '/evaluacion_competencias_evalua_old.aspx' endpoint. An attacker can bypass normal application output channels to exfiltrate confidential data, compromising database confidentiality. No patch is currently available for this vulnerability.
Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to extract sensitive database information through indirect data exfiltration channels. This vulnerability in the '/evaluacion_acciones_ver_auto.aspx' endpoint compromises the confidentiality of stored data without requiring user interaction. No patch is currently available for this HIGH severity vulnerability.
Unauthenticated attackers can extract sensitive database information from the Evaluacion De Desempeno application through an out-of-band SQL injection vulnerability in the 'Id_usuario' parameter of '/evaluacion_acciones_evalua.aspx'. The vulnerability allows data exfiltration via external channels without direct application responses, compromising database confidentiality. No patch is currently available for this high-severity flaw.
Out-of-band SQL injection in the Performance Evaluation (EDD) application allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' and 'Id_evaluacion' parameters in '/evaluacion_inicio.aspx'. An attacker can exfiltrate confidential data via external channels without direct application feedback, compromising data confidentiality. No patch is currently available for this vulnerability.
Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to exfiltrate sensitive database information through covert channels. The vulnerability affects the '/evaluacion_competencias_evalua.aspx' endpoint and enables unauthorized access to confidential data despite the application not directly returning query results. No patch is currently available for this HIGH severity vulnerability.
Out-of-band SQL injection in the Evaluacion De Desempeno application allows unauthenticated remote attackers to extract sensitive database information through the 'txAny' parameter in '/evaluacion_competencias_autoeval_list.aspx' without direct output reflection. By leveraging external data channels, an attacker can bypass normal application responses to exfiltrate confidential data and compromise database confidentiality. No patch is currently available for this vulnerability.