escapeshellcmd -> escapeshellarg

This commit is contained in:
space-r7
2021-09-09 17:28:05 -05:00
parent 0095613a94
commit 91ae50eb27
2 changed files with 2 additions and 2 deletions
@@ -4,7 +4,7 @@ elFinder versions below 2.1.59 are vulnerable to a command injection
vulnerability via its archive functionality.
When creating a new zip archive, the `name` parameter is sanitized
with the `escapeshellcmd()` php function and then passed to the
with the `escapeshellarg()` php function and then passed to the
`zip` utility. Despite the sanitization, supplying the `-TmTT`
argument as part of the `name` parameter is still permitted and
enables the execution of arbitrary commands as the `www-data` user.
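Review bot: the hunk only swaps the function name in the description, so the paragraph still does not say why the sanitization fails, and "Despite the sanitization" leaves the reader guessing. `escapeshellarg()` single-quotes the value so it reaches `zip` as one argument with no shell metacharacters, but `zip` still parses an argument that begins with `-` as an option, which is exactly what `-TmTT` exploits. Suggest extending the sentence on the `-TmTT` line to something like "because `escapeshellarg()` only prevents shell injection, not option injection, a `name` beginning with `-` is still parsed by `zip` as a flag". Also worth double-checking that the second changed file (not shown in this hunk) carries the same wording fix so the two stay consistent.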