Month Of PHP Security - PHP's str_getcsv() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
6d847b738c636eb4f640142e72e0b46a26a2e4392356290dcf389a42c4b57155