Multiple vulnerabilities has been found and corrected in cacti:

SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
allows remote attackers to execute arbitrary SQL commands via the
login_username parameter (CVE-2011-4824).

Various vulnerabilities were discovered and fixed in the 0.8.7i version
(cacti bug 2062).

The updated packages provides the latest 0.8.7i version which are
not affected by these issues.