CVE-2019-8428 (zoneminder)

CVE-2019-8428 (zoneminder)

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

Source: CVE-2019-8428 (zoneminder)