Multiple remote vulnerabilities have been found in PHP's file upload code in v4.1.1 and below. Several flaws were found in the way PHP handles multipart/form-data POST requests. Each of the flaws allows attackers to execute arbitrary code on the victim's system. Patch available here.
ed473fb97e0b081cad501f6ed01a6f197383c53472b98403639543571232791a
CERT Advisory CA-2002-05 - File upload vulnerabilities in php_mime_split allow remote attackers to execute arbitrary code with the privileges of the PHP process in v4.1.1 and below. More information available here.
5e84d518810f643292c0e7af097fc9981d3b16dbaa751b86f38fd172cd3d4005