phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.