What are the potential pitfalls of using the exec() function in PHP to run shell commands?

The potential pitfalls of using the exec() function in PHP to run shell commands include security vulnerabilities such as command injection attacks if user input is not properly sanitized. To mitigate this risk, it is important to always sanitize user input and validate the commands being executed.

$command = escapeshellcmd($user_input);
exec($command);