zoneminder is vulnerable to Authentication Bypass. The vulnerability exists due to the improper permissions check on the snapshot action, which trigger ends up calling shell_exec
using the supplied Id, allowing an attacker to bypass the authorization mechanism by injecting and executing malicious code.