Unknown · RSI Queue Management System · CVE-2025-26086
Name of the Vulnerable Software and Affected Versions:
RSI Queue Management System version 3.0
Description:
An unauthenticated blind SQL injection issue exists within the `TaskID` parameter of the GET request handler. This allows attackers to remotely inject time-delayed SQL payloads, inducing server response delays and enabling time-based inference and iterative extraction of sensitive database contents without authentication.
Recommendations:
For RSI Queue Management System version 3.0, consider disabling the `TaskID` parameter in the GET request handler until a patch is available. Restrict access to the GET request handler to minimize the risk of exploitation. Avoid using the `TaskID` parameter until the issue is resolved.
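While the handler stays reachable, access logs can be reviewed for the pattern described above. The following triage script is an added example, not vendor code or part of the original advisory. It assumes legitimate `TaskID` values are plain integers, a combined-format access log with the request time in seconds appended, and a hypothetical `/placeholder` path; the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines (not real traffic). Assumed format: combined log
# plus request time in seconds as the last field; /placeholder is hypothetical.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2025:10:00:01 +0000] "GET /placeholder?TaskID=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 0.031
203.0.113.10 - - [01/Mar/2025:10:00:05 +0000] "GET /placeholder?other=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 0.027
198.51.100.7 - - [01/Mar/2025:10:02:11 +0000] "GET /placeholder?TaskID=42%27%20CONSTRUCTED-NON-NUMERIC HTTP/1.1" 200 512 "-" "curl/8.0" 5.048
198.51.100.7 - - [01/Mar/2025:10:02:19 +0000] "GET /placeholder?taskid=42%27%20CONSTRUCTED-NON-NUMERIC HTTP/1.1" 200 512 "-" "curl/8.0" 0.040
203.0.113.10 - - [01/Mar/2025:10:03:00 +0000] "GET /placeholder?TaskID=43 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 6.200
"""

# client IP, request target of a GET, and the trailing request time
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*" ([\d.]+)$'
)


def triage(log_text, slow_seconds=3.0):
    """Return (ip, decoded TaskID, seconds, verdict) for suspicious GETs."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a GET or not in the assumed format
        ip, target, secs = m.group(1), m.group(2), float(m.group(3))
        # parse_qsl percent-decodes and yields every occurrence of a repeated key
        for name, value in parse_qsl(urlsplit(target).query,
                                     keep_blank_values=True):
            if name.lower() != "taskid":
                continue  # name matched case-insensitively (assumption)
            if value.isascii() and value.isdigit():
                continue  # integer value: slow or not, it is not an injection sign
            # A non-integer value paired with a long response matches the
            # time-delay behaviour the advisory describes.
            verdict = ("non-numeric+delayed" if secs >= slow_seconds
                       else "non-numeric")
            findings.append((ip, value, secs, verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The 3-second threshold is an arbitrary starting point; set it from the handler's normal response times.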