Comment 1 for bug 78453

This is quite easy to work around. Add the following lines to /etc/cacti/apache.conf:

        <Files cmd.php>
                Deny from All
        </Files>
        <Files poller.php>
                Deny from All
        </Files>

These script shouldn't be reachable through the webserver anyways.