SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the localgraphid parameter.
{ "urgency": "medium" }