CVE-2023-39851

webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation...

PT-2023-27135 · Webchess · Webchess

Name of the Vulnerable Software and Affected Versions: webchess version 1.0 Description: A SQL injection issue was discovered in webchess via the $playerID parameter at the "mainmenu.php" endpoint. However, it is disputed by a third party who claims that the $playerID is a session variable...