Security Advisory: CVE-2015-5243 rediscovered: phpWhois before 5.1.0 PHP Code Injection

phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute arbitrary PHP code in the context of the application.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution