phpinfo() crossite scripting, parse_str() register_globals activisation possibility, $GLOBALS variable modification witrh HTTP POST form 'fileupload' field. It's also possible to modify any variable with GLOBALS[variable].
vulners.com/securityvulns/securityvulns:doc:10075
vulners.com/securityvulns/securityvulns:doc:10076
vulners.com/securityvulns/securityvulns:doc:10077
vulners.com/securityvulns/securityvulns:doc:10368
vulners.com/securityvulns/securityvulns:doc:10427
vulners.com/securityvulns/securityvulns:doc:11219