Launchpad.net

CVE 2019-12816

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.

See the CVE page on Mitre.org for more details.