CNNVD-202601-4499 Information

CNNVD ID

CNNVD-202601-4499

Related CVE

CVE-2026-1482

• CNNVD Published: 2026-01-27

Description (Chinese)

Quatuor Evaluación de Desempeño是西班牙Quatuor公司的一个绩效评估系统。 Quatuor Evaluación de Desempeño存在SQL注入漏洞，该漏洞源于对文件/evaluacion_objetivos_evalua_definido.aspx中参数Id_evaluacion的错误操作，可能导致带外SQL注入攻击，泄露数据库敏感信息。

Description (English)

Quatuor Evaluación de Desempeño is a performance appraisal system of the Spanish company Quatuor. Quatuor Evaluación de Desempeño had an injection loophole in SQL, which stemmed from an error in the Id evaluación de Desempeño parameter in document/evaluacion objetivos evalua definido.aspx, which could lead to an external SQL injection attack and leaking sensitive database information.

Hazard Level

Low

Vulnerability Type

SQL注入

Affected Vendor

Quatuor

Published

2026-01-27

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-performance-evaluation

Patch

https://quatuor.com/#