The patch can fix the issue

sudo pico /usr/share/cacti/site/include/config.php

replace what is under

/* Sanity Check on “Corrupt” PHP_SELF */

with

if ((!is_file($_SERVER[“PHP_SELF”])) && (!is_file($config[“base_path”] . ‘/’ . $_SERVER[“PHP_SELF”]))) {
if (!is_file($_SERVER[“DOCUMENT_ROOT”] . $_SERVER[“PHP_SELF”])) {
if (!((is_file($_SERVER[“SCRIPT_FILENAME”])) && (substr_count($_SERVER[“SCRIPT_FILENAME”], $_SERVER[“PHP_SELF”])))) {
if (!((is_file($_SERVER[“SCRIPT_FILENAME”])))) {
echo “\nInvalid PHP_SELF Path\n”;
exit;
}

Bad Behavior has blocked 88 access attempts in the last 7 days.