CVE-2025-26086

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://seclists.org/fulldisclosure/2025/May/21	Mailing List
http://seclists.org/fulldisclosure/2025/May/21	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:rsiqueue:management_system:3.0:*:*:*:*:*:*:*

History

12 Jun 2025, 16:20

Type	Values Removed	Values Added
First Time		Rsiqueue management System Rsiqueue
References	~~() https://seclists.org/fulldisclosure/2025/May/21 -~~	() https://seclists.org/fulldisclosure/2025/May/21 - Mailing List
References	~~() http://seclists.org/fulldisclosure/2025/May/21 -~~	() http://seclists.org/fulldisclosure/2025/May/21 - Mailing List
CPE		cpe:2.3:a:rsiqueue:management_system:3.0:::::::*
Summary		(es) Existe una vulnerabilidad de inyección SQL ciega no autenticada en RSI Queue Management System v3.0 dentro del parámetro TaskID del controlador de solicitudes GET. Los atacantes pueden inyectar remotamente payloads SQL con retardo temporal para inducir retrasos en la respuesta del servidor, lo que permite la inferencia basada en el tiempo y la extracción iterativa de contenido confidencial de la base de datos sin autenticación.

20 May 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-89
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

20 May 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-20 15:16

Updated : 2025-06-12 16:20

NVD link : CVE-2025-26086

Mitre link : CVE-2025-26086

CVE.ORG link : CVE-2025-26086

JSON object : View

Products Affected

rsiqueue

management_system

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2025-26086", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-05-20T15:16:07.023", "references": [{"url": "https://seclists.org/fulldisclosure/2025/May/21", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2025/May/21", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL ciega no autenticada en RSI Queue Management System v3.0 dentro del par\u00e1metro TaskID del controlador de solicitudes GET. Los atacantes pueden inyectar remotamente payloads SQL con retardo temporal para inducir retrasos en la respuesta del servidor, lo que permite la inferencia basada en el tiempo y la extracci\u00f3n iterativa de contenido confidencial de la base de datos sin autenticaci\u00f3n."}], "lastModified": "2025-06-12T16:20:56.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsiqueue:management_system:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA06FC7A-7008-4E0C-A367-FE2C9039BA6C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10