Comment 12 for bug 164072

Christian Weigel (christian-dm00) wrote :

This might be a different issue, but running checks with Nessus reported this problem on one of my machines:

"The version of Cacti does not properly check
whether the 'copy_cacti_user.php' script is being run from a
commandline and fails to sanitize user-supplied input before using it
in database queries. Provided PHP's 'register_argc_argv' parameter is
enabled, which is the default, an attacker can leverage this issue to
launch SQL injection attack against the underlying database and, for
example, add arbitrary administrative users."

I ran the test script at

http://milw0rm.com/exploits/3045

"successfully" with Dapper (Cacti 0.8.6h-ubuntu1)
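
As an added example (not part of the comment above, and not Cacti's actual fix): a generic PHP pattern for the two weaknesses the quoted Nessus text names, a script that refuses to run unless it was started from the command line and that binds user input as query parameters. The `users` table and the function names are hypothetical.

```php
<?php
// Added example, not Cacti's code: guard for a script meant for CLI use only.

/* Return true only when PHP itself was started from a command line. */
function invoked_from_cli(string $sapi, array $server): bool
{
    // The SAPI name is fixed by how PHP was launched; a web request cannot change it.
    if ($sapi !== 'cli') {
        return false;
    }
    // Defence in depth: request metadata must be absent in a real CLI run.
    return !isset($server['REMOTE_ADDR']) && !isset($server['REQUEST_METHOD']);
}

/* Copy a user row; names are bound as parameters, never concatenated into SQL. */
function copy_user(PDO $db, string $template, string $new): bool
{
    $sel = $db->prepare('SELECT role FROM users WHERE username = ?');
    $sel->execute([$template]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // template user does not exist
    }
    $ins = $db->prepare('INSERT INTO users (username, role) VALUES (?, ?)');
    return $ins->execute([$new, $row['role']]);
}

if (!invoked_from_cli(PHP_SAPI, $_SERVER)) {
    http_response_code(403);
    exit("This script must be run from the command line.\n");
}

// Constructed in-memory table so the example runs offline (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, role INTEGER)');
$db->exec("INSERT INTO users VALUES ('guest', 0)");

// Constructed input with SQL metacharacters: it is stored as a literal name.
$odd = "x', 1); --";
var_dump(copy_user($db, 'guest', $odd));
var_dump(copy_user($db, 'missing', 'y'));
echo 'rows: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```

The guard relies on `PHP_SAPI` rather than on the presence of `argv`, because with `register_argc_argv` enabled a web request can also populate `argv`.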