spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
https://security.gentoo.org/glsa/201711-10
https://github.com/Cacti/cacti/issues/877
https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e