lib/rrd
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.
Exploitability
AV:N
AC:L
Au:N
Impact
C:P
I:P
A:P
7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P