The following code uses the `find` command and expects the user to enter the name of a file to find on the system.

It is vulnerable to argument injection because untrusted data is inserted directly into the arguments of a process call without sanitization. +
The application assumes that incoming data always consists of a specific range of characters and ignores that some characters might force the `find` command to start a shell.

In this particular case, an attacker may remove files in `/some/folder` with the following string:

----
'*' -exec rm -rf {} \;
----
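The Python sketch below is an added example, not code from the original page. It shows how the string above is tokenised when pasted into a command line, next to a hardened way of building the same `find` call. The function names, `ALLOWED_NAME` and its allow-list policy are assumptions made for illustration.

```python
import re
import shlex
import subprocess

SEARCH_ROOT = "/some/folder"   # folder named on the page
# Assumed policy: a file-name pattern is letters, digits, "_", ".", "-", "*", "?".
ALLOWED_NAME = re.compile(r"[A-Za-z0-9_.*?-]{1,255}")


def concatenated_argv(user_input: str) -> list:
    """'Before' form: paste the input into a command line and tokenise it the
    way a POSIX shell would. Nothing is executed; this only shows the argv."""
    return shlex.split(f"find {SEARCH_ROOT} -name {user_input}")


def build_find_argv(user_input: str, root: str = SEARCH_ROOT) -> list:
    """Hardened form: enforce the expected character range, then pass the
    input as exactly one argv element, which find consumes as the -name pattern."""
    if not ALLOWED_NAME.fullmatch(user_input):
        raise ValueError(f"rejected file name pattern: {user_input!r}")
    return ["find", root, "-name", user_input]


def find_files(user_input: str, root: str = SEARCH_ROOT) -> list:
    """Run find without a shell, so no quoting or word splitting takes place."""
    result = subprocess.run(build_find_argv(user_input, root),
                            capture_output=True, text=True, check=False)
    return result.stdout.splitlines()


if __name__ == "__main__":
    payload = r"'*' -exec rm -rf {} \;"        # string quoted on the page
    print(concatenated_argv(payload))          # extra -exec action appears
    print(build_find_argv("report-*.txt"))     # one pattern, no extra arguments
    try:
        build_find_argv(payload)
    except ValueError as exc:
        print(exc)
```

Because the hardened form never goes through a shell, a value such as `-delete` that passes the allow-list is still only the operand of `-name` and cannot become a separate `find` action.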