PHP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an extra 5th parameter was added to the mail() command breaking safemode, which will disclose information accessible by the webserver account resulting in a loss of confidentiality.
Upgrade to version 4.12 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Change the ini setting error_log. Disallow setting of ini variables in safemode