PHP 5.3.7 was released just last week, and that version contained fixes for a slew of security vulnerabilities. But now a serious flaw has been found in the new release, related to the way one of the cryptographic functions handles its inputs. In some cases, when the crypt() function is called with an MD5 salt, the function returns only the salt value instead of the salted hash value. The problem does not occur when using Blowfish or DES, only with MD5. The PHP Group, which maintains the scripting language, said in a bug report on the problem that it has fixed the issue in an intermediate build.
Source: https://threatpost.com/serious-crypto-bug-found-php-537-082211/75569/
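A defender's check for the symptom described above, as an added example that is not from the article or the PHP project: it tests whether the running interpreter's crypt() returns a full MD5 hash, and flags stored values that contain only a salt. The function names, the sample salt and the sample records are constructed for illustration, and the syntax is kept compatible with PHP 5.3.

```php
<?php
// A complete MD5-crypt string is "$1$" + salt (up to 8 chars) + "$" + 22 hash chars.
define('MD5_CRYPT_RE', '#^\$1\$[^$]{0,8}\$[./0-9A-Za-z]{22}\z#');

// True when $stored is a complete MD5-crypt hash.
function is_complete_md5_crypt($stored)
{
    return preg_match(MD5_CRYPT_RE, $stored) === 1;
}

// True when $stored carries the MD5 prefix but no complete hash,
// which includes the salt-only output described in the article.
function is_salt_only_md5($stored)
{
    return strncmp($stored, '$1$', 3) === 0 && !is_complete_md5_crypt($stored);
}

// Self-test of the running interpreter: crypt() must not echo the salt back.
function runtime_md5_crypt_ok()
{
    $salt = '$1$examplsl$';                       // constructed sample salt
    $out  = crypt('constructed-password', $salt);
    return $out !== $salt && is_complete_md5_crypt($out);
}

// Return the keys of stored records that need a password reset or re-hash.
function find_salt_only_records(array $records)
{
    $bad = array();
    foreach ($records as $user => $stored) {
        if (is_salt_only_md5($stored)) {
            $bad[] = $user;
        }
    }
    return $bad;
}

// Constructed sample records (shapes only, not real password hashes).
$records = array(
    'alice' => '$1$abcdefgh$' . str_repeat('A', 22),        // well-formed MD5-crypt shape
    'bob'   => '$1$abcdefgh$',                              // salt only: written by an affected build
    'carol' => '$2a$07$' . str_repeat('B', 53),             // Blowfish shape, not affected
);

echo 'PHP ', PHP_VERSION, ': MD5 crypt() ',
     runtime_md5_crypt_ok() ? "returns a full hash\n" : "returns the salt only\n";
echo 'Records to reset: ', implode(', ', find_salt_only_records($records)), "\n";
```

A record flagged here matches any password on an affected build, so the remedy is a forced reset after moving to a fixed build rather than re-hashing in place.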

