CVE-2015-2972
high
CVSS v3: -
CVSS v4: -
VIR risk: 7.5
Description
Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Predictions
Exploit likelihood: 20%
Patch ETA: -
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| sysphonic | thetis | up to and including 2.2.0 | |
References
- http://jvn.jp/en/jp/JVN19011483/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000099
- http://sysphonic.com/en/thetis/THETIS-SEC-001.html
- https://github.com/sysphonic/thetis/commit/1b8234706e1294f41df42f3d1ccb71b983ffbe23
- https://github.com/sysphonic/thetis/commit/4ca3f5f486759660b87d7c146f1fdc11264f56eb
- https://github.com/sysphonic/thetis/commit/8004ee0c384daae0b28478ff8193d1990c397f57
- https://github.com/sysphonic/thetis/commit/842e44f0c2bd7d680430bb89a3bb78fd744961f9
- https://github.com/sysphonic/thetis/commit/a61dc72035c7ae0b06f6d7dc8b2a848ffc7db277
- https://github.com/sysphonic/thetis/commit/c07e255d2296d50a0bffafaf66a76f8f1b53621f
- https://github.com/sysphonic/thetis/commit/ce535a38ec92ff0f98af11ab41a425d1529a31ef
- https://github.com/sysphonic/thetis/commit/d9ed965075634ca1a095b480b459c68445ce951d
CWEs
CWE-89