CVE-2015-2972 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00947.

Key SSVC decision points have not yet been added.

Vendors	Products
Sysphonic	Thetis

Configuration 1 [-]

cpe:2.3:a:sysphonic:thetis:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://jvn.jp/en/jp/JVN19011483/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000099
http://sysphonic.com/en/thetis/THETIS-SEC-001.html
https://github.com/sysphonic/thetis/commit/1b8234706e1294f41df42f3d1ccb71b983ffbe23
https://github.com/sysphonic/thetis/commit/4ca3f5f486759660b87d7c146f1fdc11264f56eb
https://github.com/sysphonic/thetis/commit/8004ee0c384daae0b28478ff8193d1990c397f57
https://github.com/sysphonic/thetis/commit/842e44f0c2bd7d680430bb89a3bb78fd744961f9
https://github.com/sysphonic/thetis/commit/a61dc72035c7ae0b06f6d7dc8b2a848ffc7db277
https://github.com/sysphonic/thetis/commit/c07e255d2296d50a0bffafaf66a76f8f1b53621f
https://github.com/sysphonic/thetis/commit/ce535a38ec92ff0f98af11ab41a425d1529a31ef
https://github.com/sysphonic/thetis/commit/d9ed965075634ca1a095b480b459c68445ce951d

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2015-07-19T15:00:00

Updated: 2024-08-06T05:32:21.303Z

Reserved: 2015-04-07T00:00:00

Link: CVE-2015-2972

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-07-19T15:59:00.087

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-2972

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-07-19T15:57:02", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sysphonic/thetis/commit/ce535a38ec92ff0f98af11ab41a425d1529a31ef"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sysphonic/thetis/commit/8004ee0c384daae0b28478ff8193d1990c397f57"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sysphonic/thetis/commit/4ca3f5f486759660b87d7c146f1fdc11264f56eb"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sysphonic.com/en/thetis/THETIS-SEC-001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sysphonic/thetis/commit/1b8234706e1294f41df42f3d1ccb71b983ffbe23"}, {"name": "JVNDB-2015-000099", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000099"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sysphonic/thetis/commit/d9ed965075634ca1a095b480b459c68445ce951d"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sysphonic/thetis/commit/842e44f0c2bd7d680430bb89a3bb78fd744961f9"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sysphonic/thetis/commit/c07e255d2296d50a0bffafaf66a76f8f1b53621f"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sysphonic/thetis/commit/a61dc72035c7ae0b06f6d7dc8b2a848ffc7db277"}, {"name": "JVN#19011483", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN19011483/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2015-2972", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sysphonic/thetis/commit/ce535a38ec92ff0f98af11ab41a425d1529a31ef", "refsource": "CONFIRM", "url": "https://github.com/sysphonic/thetis/commit/ce535a38ec92ff0f98af11ab41a425d1529a31ef"}, {"name": "https://github.com/sysphonic/thetis/commit/8004ee0c384daae0b28478ff8193d1990c397f57", "refsource": "CONFIRM", "url": "https://github.com/sysphonic/thetis/commit/8004ee0c384daae0b28478ff8193d1990c397f57"}, {"name": "https://github.com/sysphonic/thetis/commit/4ca3f5f486759660b87d7c146f1fdc11264f56eb", "refsource": "CONFIRM", "url": "https://github.com/sysphonic/thetis/commit/4ca3f5f486759660b87d7c146f1fdc11264f56eb"}, {"name": "http://sysphonic.com/en/thetis/THETIS-SEC-001.html", "refsource": "CONFIRM", "url": "http://sysphonic.com/en/thetis/THETIS-SEC-001.html"}, {"name": "https://github.com/sysphonic/thetis/commit/1b8234706e1294f41df42f3d1ccb71b983ffbe23", "refsource": "CONFIRM", "url": "https://github.com/sysphonic/thetis/commit/1b8234706e1294f41df42f3d1ccb71b983ffbe23"}, {"name": "JVNDB-2015-000099", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000099"}, {"name": "https://github.com/sysphonic/thetis/commit/d9ed965075634ca1a095b480b459c68445ce951d", "refsource": "CONFIRM", "url": "https://github.com/sysphonic/thetis/commit/d9ed965075634ca1a095b480b459c68445ce951d"}, {"name": "https://github.com/sysphonic/thetis/commit/842e44f0c2bd7d680430bb89a3bb78fd744961f9", "refsource": "CONFIRM", "url": "https://github.com/sysphonic/thetis/commit/842e44f0c2bd7d680430bb89a3bb78fd744961f9"}, {"name": "https://github.com/sysphonic/thetis/commit/c07e255d2296d50a0bffafaf66a76f8f1b53621f", "refsource": "CONFIRM", "url": "https://github.com/sysphonic/thetis/commit/c07e255d2296d50a0bffafaf66a76f8f1b53621f"}, {"name": "https://github.com/sysphonic/thetis/commit/a61dc72035c7ae0b06f6d7dc8b2a848ffc7db277", "refsource": "CONFIRM", "url": "https://github.com/sysphonic/thetis/commit/a61dc72035c7ae0b06f6d7dc8b2a848ffc7db277"}, {"name": "JVN#19011483", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN19011483/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:32:21.303Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sysphonic/thetis/commit/ce535a38ec92ff0f98af11ab41a425d1529a31ef"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sysphonic/thetis/commit/8004ee0c384daae0b28478ff8193d1990c397f57"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sysphonic/thetis/commit/4ca3f5f486759660b87d7c146f1fdc11264f56eb"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sysphonic.com/en/thetis/THETIS-SEC-001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sysphonic/thetis/commit/1b8234706e1294f41df42f3d1ccb71b983ffbe23"}, {"name": "JVNDB-2015-000099", "tags": ["third-party-advisory", "x_refsource_JVNDB", "x_transferred"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000099"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sysphonic/thetis/commit/d9ed965075634ca1a095b480b459c68445ce951d"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sysphonic/thetis/commit/842e44f0c2bd7d680430bb89a3bb78fd744961f9"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sysphonic/thetis/commit/c07e255d2296d50a0bffafaf66a76f8f1b53621f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sysphonic/thetis/commit/a61dc72035c7ae0b06f6d7dc8b2a848ffc7db277"}, {"name": "JVN#19011483", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN19011483/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2015-2972", "datePublished": "2015-07-19T15:00:00", "dateReserved": "2015-04-07T00:00:00", "dateUpdated": "2024-08-06T05:32:21.303Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sysphonic:thetis:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE53F446-506C-48F6-8796-6320AEB1F1B2", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Sysphonic Thetis en versiones anteriores a la 2.3.0, permite a atacantes remotos ejecutar comandos SQL de forma arbitraria a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-2972", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-19T15:59:00.087", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://jvn.jp/en/jp/JVN19011483/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000099"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://sysphonic.com/en/thetis/THETIS-SEC-001.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://github.com/sysphonic/thetis/commit/1b8234706e1294f41df42f3d1ccb71b983ffbe23"}, {"source": "vultures@jpcert.or.jp", "url": "https://github.com/sysphonic/thetis/commit/4ca3f5f486759660b87d7c146f1fdc11264f56eb"}, {"source": "vultures@jpcert.or.jp", "url": "https://github.com/sysphonic/thetis/commit/8004ee0c384daae0b28478ff8193d1990c397f57"}, {"source": "vultures@jpcert.or.jp", "url": "https://github.com/sysphonic/thetis/commit/842e44f0c2bd7d680430bb89a3bb78fd744961f9"}, {"source": "vultures@jpcert.or.jp", "url": "https://github.com/sysphonic/thetis/commit/a61dc72035c7ae0b06f6d7dc8b2a848ffc7db277"}, {"source": "vultures@jpcert.or.jp", "url": "https://github.com/sysphonic/thetis/commit/c07e255d2296d50a0bffafaf66a76f8f1b53621f"}, {"source": "vultures@jpcert.or.jp", "url": "https://github.com/sysphonic/thetis/commit/ce535a38ec92ff0f98af11ab41a425d1529a31ef"}, {"source": "vultures@jpcert.or.jp", "url": "https://github.com/sysphonic/thetis/commit/d9ed965075634ca1a095b480b459c68445ce951d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://jvn.jp/en/jp/JVN19011483/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000099"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://sysphonic.com/en/thetis/THETIS-SEC-001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/sysphonic/thetis/commit/1b8234706e1294f41df42f3d1ccb71b983ffbe23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/sysphonic/thetis/commit/4ca3f5f486759660b87d7c146f1fdc11264f56eb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/sysphonic/thetis/commit/8004ee0c384daae0b28478ff8193d1990c397f57"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/sysphonic/thetis/commit/842e44f0c2bd7d680430bb89a3bb78fd744961f9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/sysphonic/thetis/commit/a61dc72035c7ae0b06f6d7dc8b2a848ffc7db277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/sysphonic/thetis/commit/c07e255d2296d50a0bffafaf66a76f8f1b53621f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/sysphonic/thetis/commit/ce535a38ec92ff0f98af11ab41a425d1529a31ef"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/sysphonic/thetis/commit/d9ed965075634ca1a095b480b459c68445ce951d"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}