Total vulnerabilities in the database
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
CVSS v3:
CVSS v2:
CWEs:
OWASP TOP 10: