Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter.
https://www.exploit-db.com/exploits/5933
https://exchange.xforce.ibmcloud.com/vulnerabilities/43360
http://www.vupen.com/english/advisories/2008/1950/references
http://www.securityfocus.com/bid/30705
http://www.securityfocus.com/bid/29934