PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter.
http://www.securityfocus.com/archive/1/514939/100/0/threaded
http://secunia.com/advisories/42347