Debian Linux Security Advisory 1949-1 - It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments (no CVE yet) or execute arbitrary commands (CVE-2009-4024) on a system that uses php-net-ping.
bdc7b81a44b21ccf791c69f5151721ef005a43fa61e21e1cf386af20ea9abc31