Soo... I've been following a thread on Webhostingtalk where two security researchers are trying to get a vulnerability patched.
Well, in like 5 minutes, I found the little bugger. And since the original researchers have decided not to release it.. here is mine :)
All you need to do is run this url as a reseller and insert the command you wish to run and it will be executed as root.
Pretty slick. The new patch out today is still vulnerable aswell..
BTW you can basically null this software and access all of the cgi files except the main menu by adding this into your /etc/hosts file
127.0.0.1 zamfoo.com www.zamfoo.com