Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jOTVmLTI3Z3gtNnZxOc4AATWn
phpWhois arbitrary code execution via a crafted whois record
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.
Permalink: https://github.com/advisories/GHSA-c95f-27gx-6vq9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jOTVmLTI3Z3gtNnZxOc4AATWn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 2 years ago
Updated: 25 days ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-c95f-27gx-6vq9, CVE-2015-5243
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-5243
- https://github.com/jsmitty12/phpWhois/issues/19
- https://github.com/Gemorroj/phpwhois/commit/91c937e03c876ba1290b6de2a3ad953d2105fdd0
- https://github.com/sparc/phpWhois.org/commit/5cc572490c9053d46598ec9348a11e36a5a33a46#diff-f150ae17da7341bf6c2eff928684b3a3
- https://blog.nettitude.com/uk/cve-2015-5243-phpwhois-remote-code-execution
- https://github.com/jsmitty12/phpWhois/blob/master/CHANGELOG.md
- https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution
- https://github.com/FriendsOfPHP/security-advisories/blob/master/brightlocal/phpwhois/CVE-2015-5243.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/david-garcia/phpwhois/CVE-2015-5243.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/ivankristianto/phpwhois/CVE-2015-5243.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/kazist/phpwhois/CVE-2015-5243.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/phpwhois/phpwhois/CVE-2015-5243.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/serluck/phpwhois/CVE-2015-5243.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/simple-updates/phpwhois/CVE-2015-5243.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/truckersmp/phpwhois/CVE-2015-5243.yaml
- https://github.com/advisories/GHSA-c95f-27gx-6vq9
Blast Radius: 13.0
Affected Packages
packagist:truckersmp/phpwhois
Dependent packages: 0
Dependent repositories: 0
Downloads: 11 total
Affected Version Ranges: <= 4.3.1
No known fixed version
All affected versions: 4.2.3, 4.2.4, 4.2.5, 4.3.0, 4.3.1
packagist:simple-updates/phpwhois
Dependent packages: 0
Dependent repositories: 4
Downloads: 1,406 total
Affected Version Ranges: <= 1.0.0
No known fixed version
All affected versions: 1.0.0
packagist:serluck/phpwhois
Dependent packages: 0
Dependent repositories: 0
Downloads: 110 total
Affected Version Ranges: <= 4.2.6
No known fixed version
All affected versions: 4.2.3, 4.2.4, 4.2.5, 4.2.6
packagist:kazist/phpwhois
Dependent packages: 0
Dependent repositories: 1
Downloads: 20,052 total
Affected Version Ranges: <= 4.2.6
No known fixed version
All affected versions: 4.2.3, 4.2.4, 4.2.5, 4.2.6
packagist:ivankristianto/phpwhois
Dependent packages: 0
Dependent repositories: 1
Downloads: 33 total
Affected Version Ranges: <= 4.3.0
No known fixed version
All affected versions: 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.3.0
packagist:david-garcia/phpwhois
Dependent packages: 1
Dependent repositories: 19
Downloads: 44,788 total
Affected Version Ranges: <= 4.3.1
No known fixed version
All affected versions: 4.2.3, 4.2.4, 4.2.5, 4.3.0, 4.3.1
packagist:brightlocal/phpwhois
Dependent packages: 0
Dependent repositories: 4
Downloads: 47,183 total
Affected Version Ranges: <= 4.2.5
No known fixed version
All affected versions: 4.2.3, 4.2.4, 4.2.5
packagist:phpwhois/phpwhois
Dependent packages: 3
Dependent repositories: 21
Downloads: 381,314 total
Affected Version Ranges: <= 4.2.5
No known fixed version
All affected versions: 4.2.3, 4.2.4, 4.2.5
packagist:jsmitty12/phpwhois
Dependent packages: 1
Dependent repositories: 4
Downloads: 138,701 total
Affected Version Ranges: < 5.1.0
Fixed in: 5.1.0
All affected versions: 4.2.3, 4.2.4, 4.2.5, 5.0.1, 5.0.2
All unaffected versions: 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.4.1, 5.5.0, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 6.0.0, 6.0.1, 6.0.2