Mandriva Linux Security Advisory 2009-305 – PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. The updated packages have been patched to correct these issues.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83284/MDVSA-2009-305.txt
Source: https://packetstormsecurity.com/files/83284/Mandriva-Linux-Security-Advisory-2009-305.html