Session fixation vulnerability in Zoneminder 1.30 and previous versions allows remote malicious users to hijack web sessions via the ZMSESSID cookie.
zoneminder zoneminder