CVE-2025-26086

{"id": "CVE-2025-26086", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-05-20T15:16:07.023", "references": [{"url": "https://seclists.org/fulldisclosure/2025/May/21", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2025/May/21", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL ciega no autenticada en RSI Queue Management System v3.0 dentro del par\u00e1metro TaskID del controlador de solicitudes GET. Los atacantes pueden inyectar remotamente payloads SQL con retardo temporal para inducir retrasos en la respuesta del servidor, lo que permite la inferencia basada en el tiempo y la extracci\u00f3n iterativa de contenido confidencial de la base de datos sin autenticaci\u00f3n."}], "lastModified": "2025-06-12T16:20:56.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsiqueue:management_system:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA06FC7A-7008-4E0C-A367-FE2C9039BA6C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}