CRITICAL
PHP Gettext Project
CVE published 2017-02-07
CVE-2016-6175
CVE-2016-6175 is a critical remote code execution issue in php-gettext 1.0.12 and earlier. The flaw is an eval injection condition tied to a crafted plural forms header, which can allow arbitrary PHP code execution with no user interaction. NVD rates the issue CVSS 3.0 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps it to CWE-94.