ZABBIX 'locales.php' 'extlang' Parameter Remote Code Execution

Summary
ZABBIX is prone to a Remote Code Execution. Input passed to the 'extlang' parameter in 'locales.php' is not properly sanitised before being used to process data. This can be exploited to execute arbitrary commands via specially crafted requests. ZABBIX 1.6.2 and possibly earlier versions are vulnerable.
Solution
Updates are available. Please see the references for more information.
References