Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16136
http://www.zoneminder.com/index.php?id=20&type=0&backPID=20&tt_news=29