From the advisory, posted at Linux Weekly News: "By providing a value for the the array element $_PHPLIB[libdir], an
intruder can force a script to load and execute scripts from another
This is because the value of $_PHPLIB[libdir] gets initalized *only*
if not already set."
July 26, 2001