Ubuntu Security Notice 6720-1 - Kentaro Kawane discovered that Cacti incorrectly handled user provided input sent through request parameters to the graph_view.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks.
72a1060cc659927cdff0d3fabd91138203688e06b807e728473d37ed3e99a9d3