CVE-2025-26086

Name of the Vulnerable Software and Affected Versions: RSI Queue Management System version 3.0

Description: An unauthenticated blind SQL injection issue exists within the TaskID parameter of the GET request handler. This allows attackers to remotely inject time-delayed SQL payloads, inducing server response delays and enabling time-based inference and iterative extraction of sensitive database contents without authentication.

Recommendations: For RSI Queue Management System version 3.0, consider disabling the TaskID parameter in the GET request handler until a patch is available. Restrict access to the GET request handler to minimize the risk of exploitation. Avoid using the TaskID parameter until the issue is resolved.