2026-01-27 16:32:25
INCIBE
PUBLISHED
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter Id_usuario in /evaluacion_objetivos_anyo_sig_ver_auto.aspx, could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information.