The host is installed with Cacti before 1.2.27 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle issues in Package Import feature. Successful exploitation allows an authenticated users having the Import Templates permission to execute arbitrary PHP code on the web server.