Cacti · Cacti · CVE-2019-16723
**Name of the Vulnerable Software and Affected Versions**
Cacti versions prior to 1.2.7
**Description**
The issue is related to an authorization check error in the `local_graph_id` function of the Cacti server monitoring system. This allows a remote attacker to potentially access confidential data by bypassing authorization checks for viewing graphs. The exploitation involves making a direct request to the `graph_json.php` endpoint with a modified `local_graph_id` parameter.
**Recommendations**
For Cacti versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue.
As a temporary workaround, consider restricting access to the `graph_json.php` endpoint to minimize the risk of exploitation.
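
One way to review web server logs for the access pattern described above, as an added example that is not part of the original advisory or of Cacti's code. It assumes the Apache/nginx "combined" log format, a hypothetical `/cacti/` install path and an arbitrary threshold of distinct graph ids per client; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format (assumed; adapt to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def graph_json_hits(lines):
    """Yield (client_ip, local_graph_id, status) for graph_json.php requests."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-HTTP line
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1] != "graph_json.php":
            continue
        for gid in parse_qs(url.query).get("local_graph_id", []):
            yield m["ip"], gid, int(m["status"])

def flag_enumeration(lines, max_distinct_ids=3):
    """Map each client that fetched more than max_distinct_ids distinct
    graphs with HTTP 200 to the sorted list of ids it retrieved."""
    seen = defaultdict(set)
    for ip, gid, status in graph_json_hits(lines):
        if status == 200:
            seen[ip].add(gid)
    return {ip: sorted(ids, key=lambda g: (len(g), g))
            for ip, ids in seen.items() if len(ids) > max_distinct_ids}

def _line(ip, gid, status):
    # Builds one constructed log line; the /cacti/ prefix is an assumption.
    return (f'{ip} - - [10/Oct/2019:13:55:00 +0000] '
            f'"GET /cacti/graph_json.php?local_graph_id={gid} HTTP/1.1" '
            f'{status} 512 "-" "-"')

# Constructed sample traffic using documentation address ranges.
SAMPLE = (
    [_line("198.51.100.7", g, 200) for g in range(1, 6)]      # walks ids 1-5
    + [_line("203.0.113.20", g, 200) for g in (12, 12, 13)]   # normal viewing
    + [_line("192.0.2.9", g, 403) for g in range(1, 6)]       # blocked upstream
    + ['192.0.2.9 - - [10/Oct/2019:13:56:00 +0000] "GET /cacti/index.php HTTP/1.1" 200 900 "-" "-"']
)

if __name__ == "__main__":
    for ip, ids in flag_enumeration(SAMPLE).items():
        print(f"{ip} fetched {len(ids)} distinct graphs: {', '.join(ids)}")
```

A flagged client is a lead for review rather than proof of abuse, since legitimate dashboards also load several graphs; compare the retrieved ids against the graphs that account is permitted to view.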