{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T12:34:50.892","vulnerabilities":[{"cve":{"id":"CVE-2025-26086","sourceIdentifier":"cve@mitre.org","published":"2025-05-20T15:16:07.023","lastModified":"2025-06-12T16:20:56.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication."},{"lang":"es","value":"Existe una vulnerabilidad de inyección SQL ciega no autenticada en RSI Queue Management System v3.0 dentro del parámetro TaskID del controlador de solicitudes GET. Los atacantes pueden inyectar remotamente payloads SQL con retardo temporal para inducir retrasos en la respuesta del servidor, lo que permite la inferencia basada en el tiempo y la extracción iterativa de contenido confidencial de la base de datos sin autenticación."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rsiqueue:management_system:3.0:*:*:*:*:*:*:*","matchCriteriaId":"FA06FC7A-7008-4E0C-A367-FE2C9039BA6C"}]}]}],"references":[{"url":"https://seclists.org/fulldisclosure/2025/May/21","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"http://seclists.org/fulldisclosure/2025/May/21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]}]}}]}