CVE-2022-29806: ZoneMinder before 1.36.13 allows remote code execution via an invalid ...

Severity: Critical

CVSS Score: 9.8

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.