A serious remote code execution vulnerability in PHP was accidentally disclosed Wednesday. The bug has been known privately since January, when a team of researchers used it in a capture-the-flag contest and subsequently reported it to the PHP Group. The developers were still building the patch for the flaw when it was disclosed. There is no patch available for the bug discovered by the Eindbazen team; however, they list a couple of technical workarounds in their post and have produced a file that includes both of them.
Source: https://threatpost.com/serious-remote-php-bug-accidentally-disclosed-050312/76517/