Dimitri Fourny

#34665 of 53,634
7.5 Total CVSS
Vulnerabilities · 1
PT-2016-1111
7.5
2016-01-19
Php · Php · CVE-2015-6527
**Name of the Vulnerable Software and Affected Versions**

PHP versions prior to 7.0.0

**Description**

The issue is related to errors in the code of the `php_str_replace_in_subject` function in the PHP interpreter. It allows remote attackers to execute arbitrary code via a crafted value in the third argument to the `str_ireplace` function. Exploitation of this issue may enable a remote attacker to execute arbitrary code by inputting special parameters.

**Recommendations**

For PHP versions prior to 7.0.0, update to version 7.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `str_ireplace` function until a patch is available. Avoid using crafted values in the third argument to the `str_ireplace` function to minimize the risk of exploitation.