CVE-2014-2328 (cacti, debian_linux, fedora, opensuse)
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Source: CVE-2014-2328 (cacti, debian_linux, fedora, opensuse)