Constructing arguments of system commands from user input is security-sensitive. It has led in the past to the following vulnerabilities:

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9920[CVE-2016-9920]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29472[CVE-2021-29472]

Arguments of system commands are processed by the executed program. The arguments are usually used to configure and influence the behavior of the programs.
Control over a single argument might be enough for an attacker to trigger dangerous features like executing arbitrary commands or writing files into specific directories.