CVE-2015-5243

Name: CVE-2015-5243
Creator: NVD / NIST
Published: 2018-08-20T21:29:00.417+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.19%

Last modified Jun 17, 2026

CVE-2015-5243 is a vulnerability of currently unknown severity. phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.. EPSS estimates a 6.19% chance of exploitation in the next 30 days.

Description

phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.

Metrics

EPSS Probability

6.19%

92.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Phpwhois Project	Phpwhois	<= 4.2.2

References

https://blog.nettitude.com/uk/cve-2015-5243-phpwhois-remote-code-executionThird Party Advisory
https://github.com/Gemorroj/phpwhois/commit/91c937e03c876ba1290b6de2a3ad953d2105fdd0Patch, Third Party Advisory
https://github.com/jsmitty12/phpWhois/blob/master/CHANGELOG.mdRelease Notes, Third Party Advisory
https://github.com/jsmitty12/phpWhois/issues/19Issue Tracking, Third Party Advisory
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_ExecutionExploit, Third Party Advisory
https://github.com/sparc/phpWhois.org/commit/5cc572490c9053d46598ec9348a11e36a5a33a46#diff-f150ae17da7341bf6c2eff928684b3a3Patch, Vendor Advisory
https://blog.nettitude.com/uk/cve-2015-5243-phpwhois-remote-code-executionThird Party Advisory
https://github.com/Gemorroj/phpwhois/commit/91c937e03c876ba1290b6de2a3ad953d2105fdd0Patch, Third Party Advisory
https://github.com/jsmitty12/phpWhois/blob/master/CHANGELOG.mdRelease Notes, Third Party Advisory
https://github.com/jsmitty12/phpWhois/issues/19Issue Tracking, Third Party Advisory
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_ExecutionExploit, Third Party Advisory
https://github.com/sparc/phpWhois.org/commit/5cc572490c9053d46598ec9348a11e36a5a33a46#diff-f150ae17da7341bf6c2eff928684b3a3Patch, Vendor Advisory

Timeline

Published: Aug 20, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-5243?

phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.

How severe is CVE-2015-5243?

Severity scoring for CVE-2015-5243 is pending analysis. The EPSS model estimates a 6.19% probability of exploitation in the next 30 days.

How do I fix CVE-2015-5243?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-5243?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST