βenable-force-cgi-redirect option doesn't work. It allows remote file access and custom PHP code execution.
vulners.com/securityvulns/securityvulns:doc:4089