This bug is a really simple directory traversal that you can use to write an arbitrary file on the system. The beauty of it is its exploitation (based on an exploit found on pastebin), the exploit bypasses 5 restrictions:
- It's valid python code.
- It starts with the string `drawing.`.
- It contains `def execute(p,r):` to be a valid MoinMoin plugin.
- It does not contain any dot (`.`)
- It is less than 100 characters (due to the tar format).
If you want to know more, check out our latest exercise on cve-2012-6081.