CVE 2012-3513
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
See the
CVE page on Mitre.org
for more details.