CVE 2007-4825
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
See the 
CVE page on Mitre.org
for more details.
