The host is installed with Cacti 1.2.25 and is prone to a blind SQL injection vulnerability. A flaw is present in the application, which fails to properly handle the SNMP notification receivers feature in the file managers.php. Successful exploitation allows attackers with the Settings/Utilities permission to send a crafted HTTP GET request to the endpoint /cacti/managers.php with an SQLi payload in the selected_graphs_array HTTP GET parameter.