Severity: Critical
CVSS Score: 9.8
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.