CVE-2008-2051
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
Date published : 2008-05-05
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html