Researchers urge developers to ban PHP SuperGlobal variables in applications. These variables are wide open to remote code execution, remote file inclusion and security bypasses.

The vulnerability was introduced by the fix for a hash collision denial-of-service flaw The PHP Group released PHP 5.3.10 on Thursday in order to address a critical security flaw that can be ...