Cacti · Cacti · CVE-2020-14295
**Name of the Vulnerable Software and Affected Versions**
Cacti version 1.2.12
**Description**
A SQL injection issue in the color.php file allows an admin to inject SQL via the `filter` parameter. This can lead to remote command execution because the product accepts stacked queries.
**Recommendations**
For Cacti version 1.2.12, avoid using the `filter` parameter in the color.php file until a patch is available. As a temporary workaround, consider restricting access to the color.php file to minimize the risk of exploitation.
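
While access to color.php is being restricted, web-server access logs can be reviewed for requests that put SQL metacharacters into `filter`, such as the `;` that separates stacked queries. The following check is an added example, not code from Cacti or from this advisory; the combined log format, the sample lines and the metacharacter heuristic are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jul/2020:10:00:01 +0000] "GET /cacti/color.php?filter=red HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jul/2020:10:00:09 +0000] "GET /cacti/color.php?filter=abc%27%3B+SELECT+1%3B--+ HTTP/1.1" 200 312
203.0.113.5 - - [01/Jul/2020:10:01:30 +0000] "GET /cacti/graphs.php?filter=a%3Bb HTTP/1.1" 200 900
198.51.100.9 - - [01/Jul/2020:10:02:00 +0000] "GET /cacti/color.php?filter=%2527%253B HTTP/1.1" 200 300
"""

# Client address and request target from one log line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Heuristic (assumption): characters a colour-name search should never need.
SQL_META = re.compile(r"""[;'"`]|--|/\*|#""")


def fully_decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input (%2527) is not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_color_requests(log_text):
    """Return (client_ip, decoded_filter) for color.php requests to review."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.lower().endswith("/color.php"):
            continue  # only the endpoint named in the advisory
        for raw in parse_qs(url.query, keep_blank_values=True).get("filter", []):
            value = fully_decode(raw)
            if SQL_META.search(value):
                hits.append((match.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_color_requests(SAMPLE_LOG):
        print(f"review: {ip} sent filter={value!r} to color.php")
```

Access logs record only the query string, so a `filter` value sent in a POST body is not visible to this check and needs application or database logging instead.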