php-shellcommand versions prior to 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
php-shellcommand project php-shellcommand