lib.php in Zeroboard 4.1 pl7 allows remote malicious users to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.
xpressengine zeroboard 4.1