PHP versions below 4.4.4, 5.2.1, and 5.1.6 suffer from a readfile() safe mode bypass vulnerability.
2f92559142ea978bb19ae97f7de8910992d71b174807d71a769362f9bf62af97
phpPC versions 1.03 RC1 and below remote file inclusion exploit that makes use of /lib/functions.inc.php.
ad2925c57f561dbfd0854e20c1811a42d8daeaed395f59d39be3d75c890bed9c