Mandriva Linux Security Advisory 2013-228 – Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via the id parameter to cacti/host.php. SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. The updated packages have been patched to correct these issues…. Mandriva Linux Security Advisory 2013-228 – Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via the id parameter to cacti/host.php. SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. The updated packages have been patched to correct these issues.
Read more http://packetstormsecurity.com/files/123161/MDVSA-2013-228.txt