CVE-2019-8428: ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views ...

Severity: Critical

CVSS Score: 9.8

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.