Using the PHP Function mb_eregi_replace()
mb_eregi_replace() is a built-in PHP function (mbstring extension) that performs a case-insensitive regular expression search and replace with multibyte support. It scans the subject string for matches of the pattern and substitutes the replacement for each match, returning the resulting string on success or false on error. Note that there is no mb_eregi_replace_callback() function: the callback variant is mb_ereg_replace_callback(), which becomes case-insensitive when the 'i' option is passed.
The security-relevant detail is the legacy 'e' option. When it is set, the replacement string is evaluated as PHP code after the captured groups have been substituted into it, the same behaviour as the /e modifier that preg_replace() used to have. A script that lets untrusted data reach the pattern or replacement while 'e' is set therefore hands the attacker remote code execution. The 'e' option was deprecated in PHP 7.1 and removed in PHP 8.0; code that needs computed replacements should use mb_ereg_replace_callback(), where the replacement logic is a function the developer wrote and user input is only ever data. The Vigilance Vulnerability Alerts team rates this as a moderate risk.
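The following is an added example, not code from the original page. It shows a hypothetical placeholder-templating feature written first with the dangerous 'e' option of mb_eregi_replace() and then with mb_ereg_replace_callback() and the 'i' option. The function names render_with_e_option() and render_safe(), the template and the values are constructed for the illustration; the vulnerable variant only works on PHP versions before 8.0.

```php
<?php
// Added example (not from the original page). Requires the mbstring extension.
// The 'e' option used in render_with_e_option() is deprecated since PHP 7.1
// and gone in PHP 8.0, so that function only runs on older interpreters.

mb_regex_encoding('UTF-8');

// Constructed sample input: a template with {{placeholder}} tokens whose
// case is not controlled (hence the case-insensitive match).
$template = "Hello {{NAME}}, welcome to {{Site}}.";

// VULNERABLE (PHP < 8.0). With the 'e' option, mb_eregi_replace() substitutes
// the captured groups into $userReplacement and then evaluates the result as
// PHP code. If $userReplacement is attacker-controlled, it is arbitrary code
// execution: "strtoupper('\\1')" is the benign use, "system('id')" is not.
function render_with_e_option(string $template, string $userReplacement)
{
    return mb_eregi_replace('\{\{([a-z]+)\}\}', $userReplacement, $template, 'e');
}

// HARDENED. mb_ereg_replace_callback() with the 'i' option gives the same
// case-insensitive matching, but the replacement logic is a closure the
// developer wrote; user-supplied text is only ever a string value.
function render_safe(string $template, array $values): string
{
    $out = mb_ereg_replace_callback(
        '\{\{([a-z]+)\}\}',
        function (array $m) use ($values): string {
            $key = strtolower($m[1]);
            // Unknown placeholders are left as-is rather than interpreted.
            return array_key_exists($key, $values) ? (string) $values[$key] : $m[0];
        },
        $template,
        'i'
    );
    // mb_ereg_replace_callback() returns false on error (and null for an
    // invalid string in the current encoding); do not pass either on silently.
    if (!is_string($out)) {
        throw new RuntimeException('mb_ereg_replace_callback() failed');
    }
    return $out;
}

echo render_safe($template, ['name' => 'Alice', 'site' => 'example.org']), PHP_EOL;
```

The pattern is written without delimiters because the mb_ereg family takes a bare Oniguruma expression rather than a PCRE-style delimited one. The hardened version also treats a non-string return value as an error instead of echoing it, which is the check the prose above asks for.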