Bonsai Information Security reports:
A vulnerability has been discovered in Cacti, which can be exploited by any user to conduct SQL Injection attacks. Input passed via the "export_item_id" parameter to the "templates_export.php" script is not properly sanitized before being used in a SQL query.
The same source also reported a command execution vulnerability. This second issue can be exploited by Cacti users who have the rights to modify device or graph configurations.
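The SQL injection described above comes down to a request value being concatenated into query text. The following is an added example, not Cacti's code and not from the advisory: it models the flawed pattern beside a hardened handler that allow-lists the value as an integer and binds it as a parameter. The table, column and function names are hypothetical, and SQLite stands in for the application's database.

```python
import re
import sqlite3

# Constructed stand-in for the application's database; the table and
# column names are hypothetical, not Cacti's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE templates (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO templates VALUES (?, ?)",
                     [(1, "host-linux"), (2, "host-router"), (3, "graph-traffic")])
    return conn

def export_unsafe(conn, export_item_id):
    # The flawed pattern the advisory describes: the request value is
    # pasted into the SQL text, so it is parsed as SQL rather than data.
    sql = "SELECT name FROM templates WHERE id = " + export_item_id
    return [row[0] for row in conn.execute(sql)]

_ID_RE = re.compile(r"[0-9]{1,9}")  # ASCII digits only, bounded length

def export_safe(conn, export_item_id):
    # 1) Allow-list validation: reject anything that is not a plain integer.
    if not isinstance(export_item_id, str) or not _ID_RE.fullmatch(export_item_id):
        raise ValueError("export_item_id must be a decimal integer")
    # 2) Bound parameter: the value never becomes part of the SQL text.
    rows = conn.execute("SELECT name FROM templates WHERE id = ?",
                        (int(export_item_id),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"  # constructed non-numeric input
    print("unsafe:", export_unsafe(db, crafted))  # condition rewritten by input
    try:
        export_safe(db, crafted)
    except ValueError as exc:
        print("safe  :", exc)
    print("safe  :", export_safe(db, "2"))
```

Validation and parameter binding are applied together here on purpose: the integer check rejects malformed requests early, and the bound parameter keeps the query safe even if a later change loosens the check.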