In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graphjson.php request with a modified localgraph_id parameter.
{ "ubuntu_priority": "medium" }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "cacti": "1.2.10+ds1-1ubuntu1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "cacti": "1.2.16+ds1-2ubuntu1" } ] }