Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. This is also fixed in 2.0.30.1: https://github.com/munin-monitoring/munin/issues/721
*** This bug has been marked as a duplicate of bug 610602 ***