PT-2022-24874 · Unknown+2 · Zoneminder+2

Published: 2022-10-07 · Updated: 2023-11-30 · CVE-2022-39291

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

ZoneMinder (affected versions not specified)

Description

The issue allows users with "View" system permissions to inject new data into the logs stored by ZoneMinder through an HTTP POST request to the "/zm/index.php" endpoint. This could affect database performance and/or consume all storage resources due to uncontrolled submission.

Recommendations

Upgrade to a newer version to resolve the issue. At the moment, there is no information about specific versions that contain a fix for this vulnerability, so upgrading to the latest available version is advised.

Related Identifiers

ALT-PU-2022-2858
ALT-PU-2022-2978
ALT-PU-2023-7284
CVE-2022-39291
GHSA-CFCX-V52X-JH74

Affected Products

Alt Linux
Debian
Zoneminder