Unknown · Zoneminder · CVE-2024-51482
**Name of the Vulnerable Software and Affected Versions**
ZoneMinder versions prior to 1.37.65
**Description**
ZoneMinder, a free and open source closed-circuit television software application, contains a boolean-based SQL injection flaw. The `tagId` parameter of the `web/ajax/event.php` endpoint is not validated before it is used in a SQL query, which allows a remote attacker to manipulate SQL queries and potentially execute arbitrary code.
**Recommendations**
Update to version 1.37.65.
As a temporary workaround, restrict access to the `web/ajax/event.php` endpoint or avoid using the `tagId` parameter until the update is applied.
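Until the update is applied, web server access logs can be reviewed for requests in which `tagId` is anything other than a plain integer. The Python below is an added example, not part of this advisory or of ZoneMinder's code; it assumes common/combined log format, that the parameter is sent in the query string under the name the advisory uses, and the sample log lines and URL paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the parameter is logged in the query string under the name
# given in the advisory. Change PARAM if your deployment logs it differently.
PARAM = "tagId"

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# A legitimate tag identifier is expected to be a short decimal integer.
INTEGER_RE = re.compile(r"[0-9]{1,18}")


def suspicious_requests(lines, param=PARAM):
    """Return (client_ip, decoded_value) for each request whose `param`
    value is not a plain decimal integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        # Requests are not filtered by path, because how the endpoint is
        # routed depends on the deployment; only the parameter is checked.
        query = urlsplit(m.group("target")).query
        # parse_qs URL-decodes values; keep_blank_values so "tagId=" is seen.
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            if not INTEGER_RE.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2024:10:00:01 +0000] "GET /zm/ajax/event.php?tagId=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Nov/2024:10:00:05 +0000] "GET /zm/ajax/event.php?tagId=5%20AND%201%3D1 HTTP/1.1" 200 498',
    '203.0.113.4 - - [01/Nov/2024:10:00:09 +0000] "GET /zm/ajax/event.php?tagId= HTTP/1.1" 200 120',
    '192.0.2.10 - - [01/Nov/2024:10:00:12 +0000] "GET /zm/index.php?view=console HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}: non-integer {PARAM} value {value!r}")
```

Values sent in POST bodies do not appear in access logs, so a clean result here does not rule out attempts made that way.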