Cacti < 0.8.8b Command and SQL Injections

Cacti is a network graphing solution designed to use the power of RRDTool’s data storage and graphing functionality. According to its self-reported version number, the version of Cacti hosted on the remote web server is affected by command injection and SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may be able to leverage these issues to execute arbitrary code as well as access or modify the underlying database for the application