Published:
2015/07/15
Last Updated:
2015/07/15
Information from Sysphonic Co., Ltd.
Vulnerability ID:JVN#19011483
Title:Thetis vulnerable to SQL injection
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
* Summary
Thetis ver.2.2.0 and older have vulnerability against SQL Injection. Malicious request from client may cause leak and falsification of database.
* Applicable versions
ver.2.2.0 and older
(Commits on GitHub before 2015-07-14)
* How to fix it
Pull and apply the latest project from GitHub.
=> http://github.com/sysphonic/thetis
