The host is installed with Cacti 1.2.8 and is prone to an OS command injection vulnerability. A flaw is present in the application, which fails to handle graph_realtime.php. Successful exploitation could allow attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.