{"id":"CVE-2024-35306","details":"OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through \u003c777.","modified":"2026-04-10T05:13:10.269848Z","published":"2024-06-10T15:15:51.700Z","references":[{"type":"ADVISORY","url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pandorafms/pandorafms","events":[{"introduced":"0"},{"fixed":"3c409813f14722c2290c7854f555599d9720d4d4"}],"database_specific":{"versions":[{"introduced":"700"},{"fixed":"777"}]}}],"versions":["5.0","5.1","6.0","tools"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35306.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}