Description
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication.
References
- Mailing List
- Mailing List
Vulnerable configurations
Configuration 1
cpe:2.3:a:rsiqueue:management_system:3.0:*:*:*:*:*:*:*
EPSS
Percentile: 44%
0.00219
Low
7.5 High
CVSS3
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 7.5
github
9 months ago
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication.