The "777" is octal for local permissions in the Unix sense; this means that the file can be written to by any process on this machine (all users have read and write access to the file). This is local: this is about access rights for process which run on the machine. Someone from the outer world does not have, by default, the possibility to make arbitrary process run on your system under any user ID.
However, you say "PHP", which means that you operate a Web site with PHP enabled. Thus, you may have a security hole in your site which allows an attacker, with the help of maliciously crafted requests, to trigger a file write operation where the attacker can choose the target file. The operation will be performed by the Web server process, with the user ID under which that process runs (e.g. www-data
-- that's what it does on my server). Since the target file is "world-writable", the write succeeds. The "777" access rights are not the security hole here, but they help the attacker by giving him ways to exploit the hole into further mischief.
(This is all guesswork. You are not exactly giving me a lot of information here.)