Vulnerability Details: CVE-2015-2972
Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Vulnerability category: SQL Injection
Exploit prediction scoring system (EPSS) score for CVE-2015-2972
Probability of exploitation activity in the next 30 days: 0.61%
Percentile (the proportion of vulnerabilities that are scored at or below this level): ~76%
CVSS scores for CVE-2015-2972
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2015-2972
- The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2972
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000099
  JVNDB-2015-000099 - JVN iPedia - Vulnerability Countermeasure Information Database (Vendor Advisory)
- https://github.com/sysphonic/thetis/commit/8004ee0c384daae0b28478ff8193d1990c397f57
  Reinforcement of security. · sysphonic/thetis@8004ee0 · GitHub
- https://github.com/sysphonic/thetis/commit/d9ed965075634ca1a095b480b459c68445ce951d
  Some trivial bug-fixes. · sysphonic/thetis@d9ed965 · GitHub
- http://jvn.jp/en/jp/JVN19011483/index.html
  JVN#19011483: Thetis vulnerable to SQL injection (Vendor Advisory)
- http://sysphonic.com/en/thetis/THETIS-SEC-001.html
  Sysphonic - The SuperExpert Software Developer (Vendor Advisory)
- https://github.com/sysphonic/thetis/commit/a61dc72035c7ae0b06f6d7dc8b2a848ffc7db277
  x ApplicationHelper.get_sql_like() -> o SqlHelper.get_sql_like() · sysphonic/thetis@a61dc72 · GitHub
- https://github.com/sysphonic/thetis/commit/4ca3f5f486759660b87d7c146f1fdc11264f56eb
  Reinforcement of security. · sysphonic/thetis@4ca3f5f · GitHub
- https://github.com/sysphonic/thetis/commit/842e44f0c2bd7d680430bb89a3bb78fd744961f9
  Reinforcement of security. · sysphonic/thetis@842e44f · GitHub
- https://github.com/sysphonic/thetis/commit/c07e255d2296d50a0bffafaf66a76f8f1b53621f
  Thetis ver.2.3.0: Reinforcement of security. · sysphonic/thetis@c07e255 · GitHub
- https://github.com/sysphonic/thetis/commit/1b8234706e1294f41df42f3d1ccb71b983ffbe23
  Reinforcement of security. · sysphonic/thetis@1b82347 · GitHub
- https://github.com/sysphonic/thetis/commit/ce535a38ec92ff0f98af11ab41a425d1529a31ef
  Reinforcement of security. · sysphonic/thetis@ce535a3 · GitHub
Products affected by CVE-2015-2972
- cpe:2.3:a:sysphonic:thetis:*:*:*:*:*:*:*:*