More details here: https://www.saotn.org/exploit-phps-mail-get-remote-code-exec...
PHP mail doc: http://php.net/manual/en/function.mail.php
A function that allows to pass arbitrary flags to a command line, what could go wrong... :)
mail('nobody@example.com', 'the subject', 'the message', null, '-fwebmaster@example.com');