Php · Php · CVE-2006-1015
**Name of the Vulnerable Software and Affected Versions**
PHP versions 3.x through 5.x
**Description**
The issue allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments when used with sendmail and when accepting remote input for the `additional parameters` argument to the `mail` function.
**Recommendations**
For PHP versions 3.x through 5.x, consider restricting access to the `mail` function or disabling the use of sendmail until a proper fix is applied. As a temporary workaround, avoid using the `additional parameters` argument in the `mail` function to minimize the risk of exploitation.