SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
Debian Linux Security Advisory 3312-1 - Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems.