Pattern: Use of backtick operator
Issue: -
Disallows the use of the backtick operator for execution of shell commands. Use of this operator is identical to calling shell_exec(): the string between the backticks is passed to the system shell, and variables interpolated into it become part of the command line.
Both the backtick operator and shell_exec() are susceptible to shell (command) injection. If user-controlled data reaches the command line unquoted, an attacker can append shell metacharacters (`;`, `|`, `&&`, `$(...)`) to run arbitrary commands. Depending on your configuration, this can leak application settings and configuration, or allow the whole server to be hijacked.
Avoid passing tainted input (input that the user can influence in any way) to these functions unless you are absolutely sure there is no way for it to be dangerous, which you never are without whitelisting the accepted values. Where a shell call is unavoidable, validate the input against an allowlist first, then quote each argument with escapeshellarg(), or bypass the shell entirely by passing the command as an argument array to proc_open() (PHP 7.4+).
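The following is an added example and is not part of the rule's own text or the audited project. It shows the vulnerable backtick form next to two hardened alternatives; the function names (safePing, runPingNoShell), the hostname allowlist regex and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not part of the original rule documentation.
// Shows why the backtick operator is flagged and how to replace it.

// Constructed sample: a value taken from a request parameter that an
// attacker controls. The ';' terminates the intended command and starts
// a second one.
$userInput = 'example.com; cat /etc/passwd';

// VULNERABLE (the pattern this rule flags). The backtick operator is
// exactly shell_exec("ping -c 1 $userInput"): the tainted string is
// interpolated into the shell command line and the shell parses the ';'.
//   $output = `ping -c 1 $userInput`;

// Hypothetical allowlist: only characters that can appear in a hostname.
// Validation rejects; it never tries to "clean up" the input.
const HOSTNAME_RE = '/^[A-Za-z0-9.-]{1,253}$/';

// Hardened form 1: allowlist, then quote the single argument so the shell
// treats it as one literal word even if it contains metacharacters.
function safePing(string $host): ?string
{
    if (!preg_match(HOSTNAME_RE, $host)) {
        return null;
    }
    $cmd = 'ping -c 1 ' . escapeshellarg($host);
    return shell_exec($cmd);
}

// Hardened form 2: no shell at all. From PHP 7.4, proc_open() accepts the
// command as an array and executes the program directly, so there is no
// shell to interpret metacharacters. The allowlist still applies, because
// the program itself may treat a leading '-' as an option.
function runPingNoShell(string $host): ?string
{
    if (!preg_match(HOSTNAME_RE, $host)) {
        return null;
    }
    $descriptors = [
        1 => ['pipe', 'w'], // stdout
        2 => ['pipe', 'w'], // stderr
    ];
    $proc = proc_open(['ping', '-c', '1', $host], $descriptors, $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);
    return $out;
}

// The injected value is rejected by the allowlist; a plain hostname is
// accepted and reaches the command as a single quoted argument.
var_dump(safePing($userInput));
var_dump(safePing('example.com'));
var_dump(runPingNoShell($userInput));
```

With the constructed input above, both hardened functions return null because the allowlist regex rejects the `;` and the space; only a value that matches the hostname pattern ever reaches the command. Prefer a native PHP function (for example gethostbyname() or a library) over any shell call when one exists; the shell-free proc_open() form is the next best choice, and escapeshellarg() is the minimum if you must build a shell string.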