CVE-2015-6527
Description
In PHP 7.x before 7.0.0, str_ireplace lacks type checking on its third argument, allowing arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x versions prior to 7.0.0 fails to validate the type of the third argument ($subject) passed to the str_ireplace function. When an attacker supplies a crafted non-string value, the internal function php_string_tolower can be invoked on an unexpected pointer, leading to memory corruption [2].
Exploitation
A remote attacker can call str_ireplace with a specially crafted value as the third argument, such as an integer or array, without needing authentication or any user interaction beyond the normal PHP execution context. The missing type check lets the attacker influence CPU register contents and trigger arbitrary code execution [2].
Impact
Successful exploitation allows an attacker to execute arbitrary code on the target system. This can lead to full compromise of confidentiality, integrity, and availability of the application and server running the vulnerable PHP version.
Mitigation
The issue was fixed in PHP 7.0.0 and later versions. Users should upgrade to PHP 7.0.0 or newer. If upgrading is not possible, avoid passing untrusted input to str_ireplace as the third argument. The vendor provides no official workaround [2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <7.0.0
- cpe:2.3:a:php:php:7.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:rc7:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:rc8:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- bugs.php.net/bug.php (nvd: Exploit, Issue Tracking, Vendor Advisory)
- www.openwall.com/lists/oss-security/2015/07/30/11 (nvd: Mailing List, Third Party Advisory)
- git.php.net (nvd)
News mentions
No linked articles in our index yet.