It was discovered that PCL incorrectly handled certain malformed files.
If a user or automated system were tricked into opening a specially crafted
file, an attacker could possibly exploit this to cause a denial of service.
It was discovered that Cacti did not properly sanitize the ‘poller_id’
parameter in the “remote_agent.php” file. A remote attacker could
possibly use this issue to achieve remote code execution.