Ruisibi Rsbi-Pom SQL Injection Vulnerability in DatasetService Path

Vulnerability

A time-based blind SQL injection vulnerability has been identified in Ruisibi's Rsbi-Pom version 4.7. The issue occurs within the DatasetService path of the application.

Impact

Exploitation of this vulnerability allows for time-based blind SQL injection, where an attacker can manipulate SQL queries and potentially extract information from the database or interfere with database operations.

Reproduction

To reproduce this vulnerability, send a POST request to the '/bi/service/model/queryDatasetMeta.action' endpoint. Include a payload that injects SQL commands into the 'cfg' parameter, specifically targeting the 'queryDsetDatas' function. The injection can be verified by observing a time delay in the application's response, indicating that the injected SQL command was executed.
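For defenders who need to spot attempts against this endpoint in web server logs, the following is an added example (not part of the advisory or of the Rsbi-Pom project): it parses constructed access-log lines, pulls the 'cfg' parameter from the query string or the logged request body, flags requests to queryDatasetMeta.action whose cfg value carries a SQL delay function, and escalates when the recorded response time is also long. The log layout (combined format plus response time in milliseconds plus body) and the 3000 ms threshold are assumptions.

```python
"""Triage access-log entries for the Rsbi-Pom DatasetService endpoint: flag
'cfg' values carrying a SQL delay function and escalate slow responses."""
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/bi/service/model/queryDatasetMeta.action"
TARGET_PARAM = "cfg"
# Delay primitives across common SQL dialects; case-insensitive.
DELAY_RE = re.compile(
    r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay|dbms_lock\.sleep)\b", re.I)
# Assumed log layout: combined format + response time in ms + logged body.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) (?P<rt_ms>\d+) "(?P<body>[^"]*)"$')
# Constructed sample lines (not real traffic): benign, injected+slow, unrelated.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Sep/2025:12:35:01 +0000] "POST /bi/service/model/'
    'queryDatasetMeta.action HTTP/1.1" 200 512 120 "cfg=%7B%22dsetId%22%3A7%7D"',
    '10.0.0.9 - - [02/Sep/2025:12:36:14 +0000] "POST /bi/service/model/'
    'queryDatasetMeta.action HTTP/1.1" 200 512 5210 '
    '"cfg=%7B%22dsetId%22%3A%221+AND+SLEEP%285%29%22%7D"',
    '10.0.0.7 - - [02/Sep/2025:12:37:00 +0000] "GET /bi/index.action HTTP/1.1" '
    '200 2048 35 "-"',
]


def parse_line(line):
    """Return the named fields of one log line, or None if it does not fit."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def cfg_values(entry):
    """Collect every decoded 'cfg' value from the query string and the body."""
    vals = parse_qs(urlsplit(entry["target"]).query).get(TARGET_PARAM, [])
    return vals + parse_qs(entry["body"]).get(TARGET_PARAM, [])


def classify(entry, slow_ms=3000):
    """None for clean traffic, 'keyword' for a delay function in cfg,
    'keyword+slow' when the response time also reached slow_ms."""
    if urlsplit(entry["target"]).path != TARGET_PATH:
        return None
    if not any(DELAY_RE.search(v) for v in cfg_values(entry)):
        return None
    return "keyword+slow" if int(entry["rt_ms"]) >= slow_ms else "keyword"


def scan(lines, slow_ms=3000):
    """Return (client_ip, verdict) for every suspicious entry in lines."""
    entries = [e for e in map(parse_line, lines) if e]
    return [(e["ip"], v) for e in entries if (v := classify(e, slow_ms))]
```

A keyword hit alone is worth a look; a keyword hit paired with a multi-second response on this endpoint is the pattern the advisory describes and should be escalated.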

Added: Sep 2, 2025, 12:35 PM
Updated: Sep 2, 2025, 4:19 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          0.0
impact          2.5
exploitability  8.7
remediation     0.0
relevance       0.5
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.