Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.