CVE-2008-1381
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
Date published : 2008-05-01
http://www.securityfocus.com/bid/28968
http://www.zoneminder.com/wiki/index.php/Change_History#Release_1.23.3