FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php.
View the template here CVE-2024-39914.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-39914