JAMSS rule #23 checks for these php functions:
exec|passthru|shell_exec|system|proc_|popen
if any is present in the script, the alert [23] will be triggered. Possibly JAMSS doesn't report the correct line or filename, but simply run a
grep -rE "(?:exec|passthru|shell_exec|system|proc_|popen)[\w\W\s/\*]*\([\s/\*\#\'\"\w\W\-\_]*" .
on the command line and you should see the actual files and the line numbers. Careful: you'll also get some extra false positives.