Hole in PHP Could Give Attacker Server Control