CNNVD-202601-4500 Information

CNNVD ID

CNNVD-202601-4500

Related CVE

CVE-2026-1481

• CNNVD Published: 2026-01-27

Description (Chinese)

Quatuor Evaluación de Desempeño是西班牙Quatuor公司的一个绩效评估系统。 Quatuor Evaluación de Desempeño存在SQL注入漏洞，该漏洞源于对文件/evaluacion_objetivos_anyo_sig_ver_auto.aspx中参数Id_usuario的错误操作，可能导致带外SQL注入攻击，泄露数据库敏感信息。

Description (English)

Quatuor Evaluación de Desempeño is a performance appraisal system of the Spanish company Quatuor. Quatuor Evaluación de Desempeño had an injection loophole in SQL, which stemmed from an error in the parameter Id usuario in document/evaluacion objetivos anyo sig ver auto.aspx, which could lead to an external SQL injection attack and leak sensitive information from the database.

Hazard Level

Low

Vulnerability Type

SQL注入

Affected Vendor

Quatuor

Published

2026-01-27

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-performance-evaluation

Patch

https://quatuor.com/#