A bug that leads to the emptying of the INI file contents if the database key was not found exists in PHP dba extension in versions 5.2.6, 4.4.9 and earlier.
Maksymilian Arciemowicz from Security Reason reports:
Function dba_replace() are not filtering strings key and value. There is a possibility for the destruction of the file.