Published: 2015/07/15  Last Updated: 2015/07/15

Information from Sysphonic Co., Ltd.

Vulnerability ID:JVN#19011483
Title:Thetis vulnerable to SQL injection
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

* Summary
Thetis ver.2.2.0 and older have vulnerability against SQL Injection. Malicious request from client may cause leak and falsification of database.

* Applicable versions
ver.2.2.0 and older
(Commits on GitHub before 2015-07-14)

* How to fix it
Pull and apply the latest project from GitHub.
=> http://github.com/sysphonic/thetis