PT-2002-1991 · Php+1

Published: 2002-09-24 · Updated: 2024-02-13 · CVE-2002-0985

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.2.2
Description: The issue allows attackers to bypass safe mode restrictions and modify command line arguments to the MTA, such as sendmail, in the 5th argument to the mail() function, potentially altering MTA behavior and executing commands.
Recommendations: For PHP versions 4.x through 4.2.2, consider disabling the mail() function until a patch is available to prevent potential command execution. Restrict access to the mail function to minimize the risk of exploitation. Avoid using the 5th argument in the mail() function until the issue is resolved.
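
One way to act on the last recommendation, as an added example that is not part of the original advisory: a Python audit helper that flags PHP mail() calls passing a 5th argument. The function names and the sample PHP source are constructed for illustration, and the scan is a heuristic that does not strip PHP comments or heredocs.

```python
import re

# Heuristic audit helper (constructed example): match calls to the PHP builtin
# mail(), skipping method calls, static calls and variable functions.
_CALL = re.compile(r"(?<![\w>:$])mail\s*\(", re.IGNORECASE)

def split_args(src, start):
    """Split the args after '(' at `start`; None if the call never closes."""
    args, cur, depth, quote, i = [], [], 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:                                # inside a PHP string literal
            if ch == "\\" and i + 1 < len(src):
                i += 1
                ch += src[i]                     # escaped char cannot close it
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([{":
            depth += 1
        elif ch in ")]}":
            if depth == 0:                       # the ')' closing mail( itself
                return args + ["".join(cur).strip()]
            depth -= 1
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur, ch = [], ""                     # next argument, drop the comma
        cur.append(ch)
        i += 1
    return None

def find_fifth_arg_calls(src):
    """Return [(line_number, fifth_argument_source)] for each flagged call."""
    hits = []
    for m in _CALL.finditer(src):
        args = split_args(src, m.end())
        if args is not None and len(args) >= 5:
            hits.append((src.count("\n", 0, m.start()) + 1, args[4]))
    return hits

# Constructed sample input, not taken from any real application.
SAMPLE = '''<?php
mail($to, "Hi, there", $body);
@mail($to, $subj, $body, "From: a@example.org", "-f" . $from);
$mailer->mail($a, $b, $c, $d, $e);
mail($to, $subj, join(",", array($x, $y)), $hdrs, $extra);
'''
if __name__ == "__main__":
    print(find_fifth_arg_calls(SAMPLE))
```

Each hit is a call site to review: a 5th argument built from anything other than a fixed string is the case the advisory's description covers.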

Fix

Weakness Enumeration

Argument Injection

Related Identifiers

CVE-2002-0985
DSA-168

Affected Products

Php
Sendmail