The import_request_variables function in PHP 4.0.7 up to and including 4.4.6, and 5.x prior to 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows ...