SQL injection vulnerability in graph.php in Cacti prior to 0.8.7a allows remote malicious users to execute arbitrary SQL commands via the local_graph_id parameter.
It was discovered that Cacti, a tool to monitor systems and networks,
performs insufficient input sanitising, which allows SQL injection.
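
A defender-side check for the issue described above, as an added example that is not part of the advisory or of Cacti's code: it scans web access logs for graph.php requests whose local_graph_id value is not a plain integer. The log lines are constructed, and the rule that a legitimate local_graph_id is a decimal integer is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Dec/2007:10:00:01 +0000] "GET /cacti/graph.php?local_graph_id=42&rra_id=all HTTP/1.1" 200 5120
192.0.2.11 - - [01/Dec/2007:10:00:05 +0000] "GET /cacti/graph.php?local_graph_id=42%20OR%201%3D1 HTTP/1.1" 200 5120
192.0.2.12 - - [01/Dec/2007:10:00:09 +0000] "GET /cacti/graph_view.php?action=tree HTTP/1.1" 200 2048
192.0.2.13 - - [01/Dec/2007:10:00:12 +0000] "GET /cacti/graph.php?local_graph_id=7&local_graph_id=7%27 HTTP/1.1" 200 5120
"""

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: a legitimate local_graph_id is a plain decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_requests(log_text):
    """Return (client, [bad values]) for graph.php hits with a non-integer id."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/graph.php"):
            continue  # only the script named in the advisory
        # parse_qs URL-decodes each value and keeps repeated parameters,
        # so an encoded or duplicated local_graph_id is still inspected.
        values = parse_qs(url.query).get("local_graph_id", [])
        bad = [v for v in values if not VALID_ID.fullmatch(v)]
        if bad:
            findings.append((client, bad))
    return findings


if __name__ == "__main__":
    for client, bad in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: non-integer local_graph_id {bad!r}")
```

A hit shows that a non-integer value was submitted, not that the query succeeded; the fixed package versions are the remedy.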
For the oldstable distribution (sarge) this problem has been fixed in
version 086c-7sarge5.
For the stable distribution (etch) this problem has been fixed in
version 086i-32.
For the unstable distribution (s ...