3 matches found
CVE-2023-39851
WebChess v1.0 contains a SQL injection vulnerability in mainmenu.php via the $playerID parameter. Root cause: lack of input validation/sanitization allows external SQL input to be executed, potentially leaking sensitive data. Some sources dispute exploitability, noting $playerID may be server-co...
CVE-2023-22959
CVE-2023-22959 refers to a SQL injection vulnerability in WebChess versions 0.9.0 and 1.0.0.rc2. The flaw originates from vulnerable handling in mainmenu.php, chess.php, and opponentspassword.php, specifically affecting the txtFirstName and txtLastName parameters. The documented impact is high (C...
CVE-2019-20896
CVE-2019-20896 affects WebChess 1.0 and involves an SQL injection vulnerability exposed through the parameters: messageFrom, gameID, opponent, messageID, or to. The issue stems from insufficient input validation/parameter handling in WebChess 1.0, enabling an attacker to inject and execute arbitr...