PHP Security [documentation]
PHP is designed to be more secure than C or Perl for writing CGI programs.
Obtrusive security measures often get in the way of users who want to complete a specific action; as a result, such software erodes over time (unless there is no alternative to it).
A chain [System] is as good as its weakest link [implementation].
Look at the code from a logical perspective to discern where unexpected data can be introduced, and then follow how it is modified, reduced or amplified.
The massive IP trawling does not distinguish between friends or foes.
CGI binary: the related attacks arise when only the permissions for cgi-bin/php are checked, instead of also checking the permissions that apply to the remaining arguments in the URL.
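The gap described in the CGI binary note, modelled as an added example (not code from the PHP documentation): a check that looks only at cgi-bin/php next to one that also checks the document named by the rest of the URL. The ACL, the paths and all function names are constructed for illustration, and the URL path is assumed to be already percent-decoded.

```php
<?php
// Constructed ACL and paths (assumptions for illustration, not from the page).
const CGI_SCRIPT = '/cgi-bin/php';
const ACL = ['/cgi-bin' => true, '/secret' => false, '/' => true]; // prefix => public?

// Longest-prefix match on whole path segments; deny when nothing matches.
function aclAllows(string $path): bool
{
    $best = null;
    foreach (ACL as $prefix => $allowed) {
        $hit = $prefix === '/' || $path === $prefix
            || strncmp($path, $prefix . '/', strlen($prefix) + 1) === 0;
        if ($hit && ($best === null || strlen($prefix) > strlen($best))) {
            $best = $prefix;
        }
    }
    return $best !== null && ACL[$best];
}

// Collapse empty, "." and ".." segments so the ACL sees the path actually served.
function normalizePath(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') { continue; }
        if ($seg === '..') { array_pop($out); continue; }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

// Weak: only the CGI binary's own path is checked; the rest of the URL is ignored.
function weakCheck(string $urlPath): bool
{
    return aclAllows(CGI_SCRIPT);
}

// Corrected: the document named by the remaining URL path is checked as well.
function strictCheck(string $urlPath): bool
{
    if (strncmp($urlPath, CGI_SCRIPT . '/', strlen(CGI_SCRIPT) + 1) !== 0) { return false; }
    $document = normalizePath(substr($urlPath, strlen(CGI_SCRIPT)));
    return aclAllows(CGI_SCRIPT) && aclAllows($document);
}

foreach (['/cgi-bin/php/public/index.php', '/cgi-bin/php/secret/doc.html',
          '/cgi-bin/php/public/../secret/doc.html'] as $url) {
    printf("%-40s weak=%s strict=%s\n", $url,
        weakCheck($url) ? 'allow' : 'deny', strictCheck($url) ? 'allow' : 'deny');
}
```

The weak check allows all three requests because its decision never depends on the URL remainder; the corrected check denies the two that resolve under the restricted prefix, including the one that reaches it through a ".." segment.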