CVE-2015-2972 - Vulnerability Details

Description

Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: 2015-07-19

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:sysphonic:thetis:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2015-3055	Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00947.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://jvn.jp/en/jp/JVN19011483/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000099
http://sysphonic.com/en/thetis/THETIS-SEC-001.html
https://github.com/sysphonic/thetis/commit/1b8234706e1294f41df42f3d1ccb71b983ffbe23
https://github.com/sysphonic/thetis/commit/4ca3f5f486759660b87d7c146f1fdc11264f56eb
https://github.com/sysphonic/thetis/commit/8004ee0c384daae0b28478ff8193d1990c397f57
https://github.com/sysphonic/thetis/commit/842e44f0c2bd7d680430bb89a3bb78fd744961f9
https://github.com/sysphonic/thetis/commit/a61dc72035c7ae0b06f6d7dc8b2a848ffc7db277
https://github.com/sysphonic/thetis/commit/c07e255d2296d50a0bffafaf66a76f8f1b53621f
https://github.com/sysphonic/thetis/commit/ce535a38ec92ff0f98af11ab41a425d1529a31ef
https://github.com/sysphonic/thetis/commit/d9ed965075634ca1a095b480b459c68445ce951d

History

No history.

Subscriptions

Sysphonic Thetis

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2015-07-19T15:00:00.000Z

Updated: 2024-08-06T05:32:21.303Z

Reserved: 2015-04-07T00:00:00.000Z

Link: CVE-2015-2972

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-07-19T15:59:00.087

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-2972

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-89

Tracking

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object