Two SQL injection vulnerabilities were discovered in cacti, a web
interface for graphing of monitoring systems. Specially crafted input
can be used by an attacker in parameters of the graphs_new.php script to
execute arbitrary SQL commands on the database.