Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out-of-band SQL injection in Quatuor Performance Evaluation
Vulnerability Description
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_evaluacion' in '/evaluacion_objetivos_evalua_definido.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Quatuor Evaluación de Desempeño SQL注入漏洞
Vulnerability Description
Quatuor Evaluación de Desempeño是西班牙Quatuor公司的一个绩效评估系统。 Quatuor Evaluación de Desempeño存在SQL注入漏洞,该漏洞源于对文件/evaluacion_objetivos_evalua_definido.aspx中参数Id_evaluacion的错误操作,可能导致带外SQL注入攻击,泄露数据库敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A