Mandriva Linux Security Advisory 2010-092 – SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. Additionally cacti has been upgraded to 0.8.7e for Corporate Server 4. The updated packages have been patched to correct this issue.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/89261/MDVSA-2010-092.txt
Source: https://packetstormsecurity.com/files/89261/Mandriva-Linux-Security-Advisory-2010-092.html