
CVE-2026-1476: Gabinete Técnico de Programación's EDD App SQL Data Leak Risk

CVE-2026-1476
Summary

An out-of-band SQL injection flaw in the EDD (Performance Evaluation) app developed by Gabinete Técnico de Programación allows attackers to extract sensitive data from the app's database through external channels, without the application returning the data directly. This puts the confidentiality of stored information at risk. Users of the EDD app should update it or take other security measures to protect their data.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions
quatuor | evaluacion_de_desempeno | All versions
CPE: cpe:2.3:a:quatuor:evaluacion_de_desempeno:-:*:*:*:*:*:*:*
Original title
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability ...
Original description
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_acciones_ver_auto.aspx' could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information.
NVD CVSS 3.1: 7.5
NVD CVSS 4.0: 9.3
Vulnerability type
CWE-89 SQL Injection
Published: 27 Jan 2026 · Updated: 15 Jun 2026 · First seen: 6 Mar 2026