It looks like PHP has a nasty bug, one that can cause some potentially wicked problems with unwanted database access. It's been discovered that PHP versions prior to 4.3.10 or 5.0.3 have problems in the way that serialisation and realpath commands are handled, which can be abused to gain escalated privileges. The result is that many web administrators are suffering problems from hackers. Fortunately, the problem has now been fixed.

The solution is to upgrade to the latest version of PHP, either 4.3.10 or 5.0.3, depending on which branch you are running. The 4.3.10 build also includes some 5.x bug fixes and features which have been backported.
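
To find which hosts still need the upgrade, the version thresholds above can be applied to collected `php -v` output or `X-Powered-By` headers. The following is an added example, not code from the PHP project; the host names and banners are constructed, and treating a pre-release of a fixed version as still needing the upgrade is an assumption.

```python
import re

# Fixed releases named in the article, keyed by major branch.
FIXED = {4: (4, 3, 10), 5: (5, 0, 3)}

_VER = r"(\d+)\.(\d+)\.(\d+)(-?(?:RC|rc|alpha|beta|dev)\d*)?"
_BANNER = re.compile(r"PHP[/ ]" + _VER)  # "PHP/4.3.9", "PHP 5.0.2 (cli)"
_BARE = re.compile(r"\s*" + _VER)        # a bare version string such as "5.0.3RC1"


def needs_upgrade(banner):
    """True/False for a recognised PHP version, None when none is found."""
    m = _BANNER.search(banner) or _BARE.match(banner)
    if m is None:
        return None
    version = tuple(int(m.group(i)) for i in (1, 2, 3))
    prerelease = m.group(4) is not None
    if version[0] > 5:
        return False  # later major branch, not "prior to" either fixed release
    # 3.x and older are compared against 4.3.10, since they are prior to it.
    fixed = FIXED[5] if version[0] == 5 else FIXED[4]
    # Assumption: a pre-release of the fixed version still needs the upgrade.
    return version < fixed or (version == fixed and prerelease)


def audit(inventory):
    """Split (host, banner) pairs into hosts to upgrade and hosts to check by hand."""
    upgrade, unknown = [], []
    for host, banner in inventory:
        verdict = needs_upgrade(banner)
        if verdict is None:
            unknown.append(host)
        elif verdict:
            upgrade.append(host)
    return upgrade, unknown


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = [
    ("web01", "X-Powered-By: PHP/4.3.9"),
    ("web02", "PHP 5.0.3 (cli)"),
    ("web03", "Apache/1.3.33 (Unix) PHP/4.3.10-16"),  # distro suffix, not a pre-release
    ("web04", "5.0.3RC1"),
    ("web05", "Apache/2.0.52"),                       # no PHP version exposed
]

if __name__ == "__main__":
    upgrade, unknown = audit(SAMPLE)
    print("upgrade:", upgrade)
    print("check manually:", unknown)
```

A host that exposes no PHP version is reported for manual checking, not assumed safe, because a hidden banner says nothing about the installed build.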