Sec-Down.com – The case started with a “Remote PHP Code Injection” vulnerability that later escalated to “Remote Command Execution”.
Simply, PHPCI occurs when user-supplied(GET/POST) values of the parameters are reflected inside eval() function, that vulnerability allows attackers to execute PHP code such as system(“id”) or any other php function/code.