SQL Injection
ZoneMinder is vulnerable to SQL Injection. The vulnerability is due to unsanitized parameters being directly passed to an SQL query in WWW/AJAX/watch.php, and attackers can exploit this to execute arbitrary SQL commands on the database...