An example injection vulnerability is shown below

$dir = $_GET['directory'];
$contents = `ls $dir`;
echo $contents;
What happens if I pass 'directory=/; rm -rf /'?