CNNVD-202601-4503 Information

CNNVD ID

CNNVD-202601-4503

Related CVE

CVE-2026-1480

• CNNVD Published: 2026-01-27

Description (Chinese)

Quatuor Evaluación de Desempeño是西班牙Quatuor公司的一个绩效评估系统。 Quatuor Evaluación de Desempeño存在SQL注入漏洞，该漏洞源于对文件/evaluacion_objetivos_anyo_sig_evalua.aspx中参数Id_usuario的错误操作，可能导致带外SQL注入攻击，泄露数据库敏感信息。

Description (English)

Quatuor Evaluación de Desempeño is a performance appraisal system of the Spanish company Quatuor. Quatuor Evaluación de Desempeño has an injection loophole in SQL, which stems from the error of Id usuario, the parameter in document/evaluacion objetivos anyo sig evalua.aspx, which could lead to an external SQL injection attack and leak sensitive database information.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

Quatuor

Published

2026-01-27

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-performance-evaluation

Patch

https://quatuor.com/#