ZeroShell 2.0RC2 File Disclosure / Command Execution

Summary
ZeroShell is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Impact
An attacker can exploit this vulnerability to view files or execute arbitrary script code in the context of the web server process. This may aid in further attacks.
Impact Level: Application
Solution
Updates are available.
Insight
Input to the 'Object' value in /cgi-bin/kerbynet is not properly sanitized.
Affected
ZeroShell version 2.0RC2 is vulnerable; other versions may also be affected.
Detection
Send a GET request which tries to include /etc/passwd and check the response.
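A log-side counterpart to this check, as an added example that is not part of the original advisory or of any scanner's code: it flags access-log requests to /cgi-bin/kerbynet whose 'Object' value carries traversal sequences or an absolute path. The log lines are constructed, and the matching pattern and the benign value `status` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a combined-format access log: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic (assumption): traversal, absolute path or NUL byte in 'Object'
SUSPICIOUS_RE = re.compile(r'\.\.[/\\]|^/|\x00|/etc/passwd')

# Constructed sample lines; 'status' is a hypothetical benign value
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/kerbynet?Object=../../../../etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/kerbynet?Object=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1432',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /cgi-bin/kerbynet?Object=status HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html?Object=../x HTTP/1.1" 404 0',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_object_values(line):
    """Return decoded 'Object' values in one log line that look like file paths."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if fully_decode(url.path) != "/cgi-bin/kerbynet":
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "Object":
            value = fully_decode(value)  # parse_qsl already decoded one layer
            if SUSPICIOUS_RE.search(value):
                hits.append(value)
    return hits

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    return [(n, v) for n, line in enumerate(lines, 1)
            for v in suspicious_object_values(line)]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious Object value {value!r}")
```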