Debian Linux Security Advisory 3423-1 - Several SQL injection vulnerabilities have been discovered in Cacti, an RRDTool frontend written in PHP. Specially crafted input can be used by an attacker in the rra_id value of the graph.php script to execute arbitrary SQL commands on the database.
c27b03bedc1d4f86e3ff26013e506674b7a595b483450b54fc20acb03aa88410