You're referring to a well-known vulnerability in PHP's email form validation.
The vulnerability you're referring to is likely related to a remote code execution (RCE) vulnerability in PHP, specifically in the mail() function, which is commonly used in contact forms. php email form validation - v3.1 exploit
The exploit typically involves crafting a malicious email header, which is then passed to the mail() function. By injecting specific command-line arguments, an attacker can execute arbitrary system commands. You're referring to a well-known vulnerability in PHP's
The vulnerability exists due to the lack of proper input validation in the mail() function, allowing an attacker to inject arbitrary data, including command-line arguments. This can lead to a remote code execution (RCE) vulnerability, enabling an attacker to execute arbitrary system commands. specifically in the mail() function