Get the Whitepaper called How to find RCE in scripts. This write up provides various examples and discusses remote command execution methods used against poorly written PHP code.
You can download it from the following link: https://packetstormsecurity.com/files/download/82059/findrce-vulns.txt
Source: https://packetstormsecurity.com/files/82059/Finding-Remote-Command-Execution-Vulnerabilities.html