Vulnerability Details : CVE-2015-5243
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.
Vulnerability category: Execute code
Products affected by CVE-2015-5243
- cpe:2.3:a:phpwhois_project:phpwhois:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5243
5.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5243
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2015-5243
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5243
-
https://github.com/jsmitty12/phpWhois/blob/master/CHANGELOG.md
phpWhois/CHANGELOG.md at master · jsmitty12/phpWhois · GitHubRelease Notes;Third Party Advisory
-
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution
advisories/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution at public · sbaresearch/advisories · GitHubExploit;Third Party Advisory
-
https://github.com/sparc/phpWhois.org/commit/5cc572490c9053d46598ec9348a11e36a5a33a46#diff-f150ae17da7341bf6c2eff928684b3a3
All eval's removed · sparc/phpWhois.org@5cc5724 · GitHubPatch;Vendor Advisory
-
https://blog.nettitude.com/uk/cve-2015-5243-phpwhois-remote-code-execution
CVE-2015-5243 phpWhois Remote Code ExecutionThird Party Advisory
-
https://github.com/Gemorroj/phpwhois/commit/91c937e03c876ba1290b6de2a3ad953d2105fdd0
remove eval-s · Gemorroj/phpwhois@91c937e · GitHubPatch;Third Party Advisory
-
https://github.com/jsmitty12/phpWhois/issues/19
CVE-2015-5243: Remote Code Execution · Issue #19 · jsmitty12/phpWhois · GitHubIssue Tracking;Third Party Advisory
Jump to