when used in CGI mode remote attackers could inject command line arguments to php