CVE-2015-6527

The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
phpphp
7.0.0
phpphp
7.0.0:alpha1
phpphp
7.0.0:alpha2
phpphp
7.0.0:beta1
phpphp
7.0.0:beta2
phpphp
7.0.0:beta3
phpphp
7.0.0:rc1
phpphp
7.0.0:rc2
phpphp
7.0.0:rc3
phpphp
7.0.0:rc4
phpphp
7.0.0:rc5
phpphp
7.0.0:rc6
phpphp
7.0.0:rc7
phpphp
7.0.0:rc8
𝑥
= Vulnerable software versions
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5
http://www.openwall.com/lists/oss-security/2015/07/30/11
https://bugs.php.net/bug.php?id=70140
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5
http://www.openwall.com/lists/oss-security/2015/07/30/11
https://bugs.php.net/bug.php?id=70140