The remote web server uses an outdated version of PHP and is therefore exposed to a remote code execution vulnerability.
PHP version 5.6.0 contains an issue in the Post Handler due to an illegal use of efree() in function add_post_var(). This can be leveraged to cause arbitrary code execution.
Apply the vendor's patch, or upgrade to the latest version. This issue is fixed in version 5.6.1.