iDEFENSE Security Advisory 06.22.05-3 - Cacti contains an input validation error in the top_graph_header.php script that allows an attacker to include arbitrary PHP code from remote sites. This in effect allows arbitrary code execution with the privileges of the web server.
76425a9c336f61cb7a418d47c71225952e7fee9c19374f80a5085a8d7d7c43c9