CVE-2015-6527

Name of the Vulnerable Software and Affected Versions PHP versions prior to 7.0.0

Description The issue is related to errors in the code of the php str replace in subject function in the PHP interpreter. It allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str ireplace function. Exploitation of this issue may enable a remote attacker to execute arbitrary code by inputting special parameters.

Recommendations For PHP versions prior to 7.0.0, update to version 7.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the str ireplace function until a patch is available. Avoid using crafted values in the third argument to the str ireplace function to minimize the risk of exploitation.