Many websites make use of command line calls to read files, send emails, and perform other native operations. If your site transforms untrusted input into shell commands, you need to take care to sanitize the input.