I dont know about any current issues with it, though I agree with the statement that you should never use shell calls with user provided input.
That is a major risk, mainly as it depend on the OS running, the OS version, PHP version etc. Something that is safe today, might be a vulnerability in the future.
If you have a specific thing the user should be able to do, I would create a specific function for that instead of giving them access to type their commands. Though keep in mind I have no idea what your trying to make, and I assume it is not a PHP Bash System