Gentoo Linux Security Advisory 202004-16 - Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code. Versions less than 1.2.11 are affected.
a6c29ffd3873fdfd7fee07eb84119f4e33133b4087c3065b62c2d4a43a108602
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege.
ddfd448fc925b28a03aaba73be8f9999625bb6879802ec1b4e35f2eeef4e1d87
Cacti version 1.2.8 suffers from an authenticated remote code execution vulnerability.
56cc6422c5477bd9cb39748c97408cbda4d9c2b376cadcbfd9f1e8930b549790
Cacti version 1.2.8 suffers from an unauthenticated remote code execution vulnerability.
b14631bfc6fe1d158869f68e3d4b39c3a7081d27db7f6278239eea4c70b81555